Attachment 226583 Details for Bug 257306 – patch to submit the curl vulnerabilities to vuxml

[patch] patch to submit the curl vulnerabilities to vuxml

vuln-2021.diff (text/plain), 1.50 KB, created by rob2g2 on 2021-07-21 08:55:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: rob2g2

Created: 2021-07-21 08:55:27 UTC

Size: 1.50 KB

patch

obsolete

>*** vuln-2021.xml	Wed Jul 21 10:48:36 2021
>--- vuln-2021.withentry	Wed Jul 21 10:47:14 2021
>***************
>*** 0 ****
>--- 1,39 ----
>+ <vuln vid="8b1d4992-e9fe-11eb-872f-b42e99a1b9c3">
>+ <topic>curl -- multiple vulnerabilities</topic>
>+ <affects>
>+ <package>
>+ 	<name>curl</name>
>+ 	<range><ge>7.33.0</ge><lt>7.78.0</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+ 	Project curl reports:
>+ 	<blockquote cite="https://curl.se/docs/security.html">
>+ 	 .
>+ This release contains 8 security fixes, including:
>+ 	 <ul>
>+ 	 <li>CVE-2021-22922: improper input validation</li>
>+ 	 <li>CVE-2021-22923: insufficiently protected credentials</li>
>+ 	 <li>CVE-2021-22924: improper certificate validation</li>
>+ 	 <li>CVE-2021-22925: use of uninitialized variable</li>
>+ 	 <li>CVE-2021-22926: improper certificate validation</li>
>+ 	 </ul>
>+ 	 Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.
>+ 	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <cvename>CVE-2021-22922</cvename>
>+ <cvename>CVE-2021-22923</cvename>
>+ <cvename>CVE-2021-22924</cvename>
>+ <cvename>CVE-2021-22925</cvename>
>+ <cvename>CVE-2021-22926</cvename>
>+ <url>https://curl.se/docs/security.html</url>
>+ </references>
>+ <dates>
>+ <discovery>2021-07-21</discovery>
>+ <entry>2021-07-21</entry>
>+ </dates>
>+ </vuln>
>+

Actions: View | Diff

Attachments on bug 257306: 226583 | 226588 | 226589