FreeBSD Bugzilla – Attachment 242260 Details for
Bug 271497
ftp/curl: security update to 8.1.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml entry
0002-vuxml-entry.patch (text/plain), 2.06 KB, created by
R. Christian McDonald
on 2023-05-18 21:21:45 UTC
(
hide
)
Description:
vuxml entry
Filename:
MIME Type:
Creator:
R. Christian McDonald
Created:
2023-05-18 21:21:45 UTC
Size:
2.06 KB
patch
obsolete
>From 87e2431d7130edb984ee8223ad738f91390c2bfa Mon Sep 17 00:00:00 2001 >From: "R. Christian McDonald" <rcm@rcm.sh> >Date: Thu, 18 May 2023 17:12:13 -0400 >Subject: [PATCH 2/2] vuxml entry > >--- > security/vuxml/vuln/2023.xml | 38 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 38 insertions(+) > >diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml >index 599b125f6019..75d3f36a5d24 100644 >--- a/security/vuxml/vuln/2023.xml >+++ b/security/vuxml/vuln/2023.xml >@@ -1,3 +1,41 @@ >+ <vuln vid="a4f8bb03-f52f-11ed-9859-080027083a05"> >+ <topic>curl -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>curl</name> >+ <range><lt>8.1.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports:</p> >+ <blockquote cite="https://curl.se/docs/security.html"> >+ <p>This update fixes 4 security vulnerabilities:</p> >+ <ul> >+ <li>Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21</li> >+ <li>Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02</li> >+ <li>Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17</li> >+ <li>Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-28319</cvename> >+ <url>https://curl.se/docs/CVE-2023-28319.html</url> >+ <cvename>CVE-2023-28320</cvename> >+ <url>https://curl.se/docs/CVE-2023-28320.html</url> >+ <cvename>CVE-2023-28321</cvename> >+ <url>https://curl.se/docs/CVE-2023-28321.html</url> >+ <cvename>CVE-2023-28322</cvename> >+ <url>https://curl.se/docs/CVE-2023-28322.html</url> >+ </references> >+ <dates> >+ <discovery>2023-03-21</discovery> >+ <entry>2023-05-18</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e"> > <topic>electron -- vulnerability</topic> > <affects> >-- >2.40.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=242260">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 271497
:
242259
| 242260