FreeBSD Bugzilla – Attachment 246915 Details for
Bug 275640
ftp/curl: update to 8.5.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security/vuxml: document curl multiple vulnerabilities
0002-security-vuxml-document-curl-multiple-vulnerabilitie.patch (text/plain), 1.79 KB, created by
R. Christian McDonald
on 2023-12-08 20:49:29 UTC
(
hide
)
Description:
security/vuxml: document curl multiple vulnerabilities
Filename:
MIME Type:
Creator:
R. Christian McDonald
Created:
2023-12-08 20:49:29 UTC
Size:
1.79 KB
patch
obsolete
>From df03223c95045d702658c1bfe017c638241a65cf Mon Sep 17 00:00:00 2001 >From: "R. Christian McDonald" <rcm@FreeBSD.org> >Date: Fri, 8 Dec 2023 20:44:21 +0000 >Subject: [PATCH 2/2] security/vuxml: document curl multiple vulnerabilities > >Sponsored by: Rubicon Communications, LLC ("Netgate") >--- > security/vuxml/vuln/2023.xml | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > >diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml >index dcc73a792dd8..21c977083301 100644 >--- a/security/vuxml/vuln/2023.xml >+++ b/security/vuxml/vuln/2023.xml >@@ -1,3 +1,35 @@ >+ <vuln vid="9744c84d-9608-11ee-8731-000af7b98cf6"> >+ <topic>curl -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>curl</name> >+ <range><lt>8.5.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Harry Sintonen and Maksymilian Arciemowicz reports:</p> >+ <blockquote cite="https://curl.se/docs/security.html"> >+ <p>This update fixes 2 security vulnerabilities:</p> >+ <ul> >+ <li>Medium CVE-2023-46218: cookie mixed case PSL bypass. Reported by Harry Sintonen on 2023-10-16.</li> >+ <li>Low CVE-2023-46219: HSTS long file name clears contents. Reportede by Maksymilian Arciemowicz on 2023-11-2</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-28318</cvename> >+ <url>https://curl.se/docs/CVE-2023-46218.html</url> >+ <cvename>CVE-2023-46219</cvename> >+ <url>https://curl.se/docs/CVE-2023-46219.html</url> >+ </references> >+ <dates> >+ <discovery>2023-10-16</discovery> >+ <entry>2023-12-08</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="e07a7754-12a4-4661-b852-fd221d68955f"> > <topic>electron25 -- multiple vulnerabilities</topic> > <affects> >-- >2.43.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=246915">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 275640
:
246914
| 246915