Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 843824 (CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115)

Summary: <net-misc/curl-7.81.1: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: blueness
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 842531    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-11 22:05:21 UTC
curl: removes wrong file on error
https://curl.se/docs/CVE-2022-27778.html

curl: cookie for trailing dot TLD
https://curl.se/docs/CVE-2022-27779.html

curl: percent-encoded path separator in URL host
https://curl.se/docs/CVE-2022-27780.html

curl: CERTINFO never-ending busy-loop
https://curl.se/docs/CVE-2022-27781.html

curl: TLS and SSH connection too eager reuse
https://curl.se/docs/CVE-2022-27782.html

curl: HSTS bypass via trailing dot
https://curl.se/docs/CVE-2022-30115.html

Please bump to 7.83.1.
Comment 1 Anthony Basile gentoo-dev 2022-05-13 19:18:07 UTC
(In reply to John Helmert III from comment #0)
> 
> Please bump to 7.83.1.

I just added it to the tree and preliminary tests look good.  Please stabilize.