Summary: | <net-misc/curl-8.3.0-r2: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matt Jolly <kangie> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, chutzpah, hanno, hydrapolic, kangie, luke |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/curl/curl/discussions/12026 | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 915569, 915579 | ||
Bug Blocks: |
Description
Matt Jolly
2023-10-05 06:31:51 UTC
Out now: https://curl.se/changes.html#8_4_0 Advisories: https://curl.se/docs/CVE-2023-38545.html https://curl.se/docs/CVE-2023-38546.html The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd88db729392219f7360e750624963b19f863798 commit dd88db729392219f7360e750624963b19f863798 Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2023-10-11 06:32:58 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-10-11 06:37:54 +0000 net-misc/curl: add 8.4.0 Bug: https://bugs.gentoo.org/915195 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Closes: https://github.com/gentoo/gentoo/pull/33293 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 2 + net-misc/curl/curl-8.4.0.ebuild | 363 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 365 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f8dbaf27e1846b31eeb6d4b02fd9979ace03d8a commit 7f8dbaf27e1846b31eeb6d4b02fd9979ace03d8a Author: Sam James <sam@gentoo.org> AuthorDate: 2023-10-11 07:01:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-10-11 07:01:55 +0000 net-misc/curl: backport CVE-2023-38545, CVE-2023-38546 fixes to 8.3.0 Had a request to backport these - so why not? curl is a large program so people might be hesitant to upgrade it quickly everywhere, so let's make life a bit easier for them. Bug: https://bugs.gentoo.org/915195 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/curl-8.3.0-r2.ebuild | 363 +++++++++++++++++++++ .../curl/files/curl-8.3.0-CVE-2023-38545.patch | 136 ++++++++ .../curl/files/curl-8.3.0-CVE-2023-38546.patch | 131 ++++++++ 3 files changed, 630 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3dfe02046c2bc76fb7e910a04702603b72fcb98c commit 3dfe02046c2bc76fb7e910a04702603b72fcb98c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-11 08:40:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-10-11 08:41:24 +0000 [ GLSA 202310-12 ] curl: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/887745 Bug: https://bugs.gentoo.org/894676 Bug: https://bugs.gentoo.org/902801 Bug: https://bugs.gentoo.org/906590 Bug: https://bugs.gentoo.org/910564 Bug: https://bugs.gentoo.org/914091 Bug: https://bugs.gentoo.org/915195 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202310-12.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c22372a61dd61966e9d8438d2cd64ba847a9be20 commit c22372a61dd61966e9d8438d2cd64ba847a9be20 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-11-25 05:09:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-11-25 05:09:26 +0000 net-misc/curl: drop 8.2.1, 8.3.0, 8.3.0-r1 Bug: https://bugs.gentoo.org/914091 Bug: https://bugs.gentoo.org/915195 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 2 - net-misc/curl/curl-8.2.1.ebuild | 361 ------------------------------------- net-misc/curl/curl-8.3.0-r1.ebuild | 361 ------------------------------------- net-misc/curl/curl-8.3.0.ebuild | 360 ------------------------------------ net-misc/curl/metadata.xml | 1 - 5 files changed, 1085 deletions(-) All done! |