Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 843824 (CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115) - <net-misc/curl-7.81.1: multiple vulnerabilities
Summary: <net-misc/curl-7.81.1: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 842531
Blocks:
  Show dependency tree
 
Reported: 2022-05-11 22:05 UTC by John Helmert III
Modified: 2022-12-19 02:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-11 22:05:21 UTC
curl: removes wrong file on error
https://curl.se/docs/CVE-2022-27778.html

curl: cookie for trailing dot TLD
https://curl.se/docs/CVE-2022-27779.html

curl: percent-encoded path separator in URL host
https://curl.se/docs/CVE-2022-27780.html

curl: CERTINFO never-ending busy-loop
https://curl.se/docs/CVE-2022-27781.html

curl: TLS and SSH connection too eager reuse
https://curl.se/docs/CVE-2022-27782.html

curl: HSTS bypass via trailing dot
https://curl.se/docs/CVE-2022-30115.html

Please bump to 7.83.1.
Comment 1 Anthony Basile gentoo-dev 2022-05-13 19:18:07 UTC
(In reply to John Helmert III from comment #0)
> 
> Please bump to 7.83.1.

I just added it to the tree and preliminary tests look good.  Please stabilize.
Comment 2 Larry the Git Cow gentoo-dev 2022-12-19 02:05:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d4066956acc3f238eef20bbbad18f982301dd80b

commit d4066956acc3f238eef20bbbad18f982301dd80b
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-19 01:59:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-19 02:04:27 +0000

    [ GLSA 202212-01 ] curl: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/803308
    Bug: https://bugs.gentoo.org/813270
    Bug: https://bugs.gentoo.org/841302
    Bug: https://bugs.gentoo.org/843824
    Bug: https://bugs.gentoo.org/854708
    Bug: https://bugs.gentoo.org/867679
    Bug: https://bugs.gentoo.org/878365
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-01.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-19 02:29:10 UTC
GLSA released, all done.