CVE-2022-22576: curl OAUTH2 bearer bypass in connection re-use
CVE-2022-27774: curl credential leak on redirect
CVE-2022-27775: curl bad local IPv6 connection reuse
CVE-2022-27776: curl auth/cookie leak on redirect

Please bump to 7.83.0.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25f5af6ec754e7e2f1e9d9c60e1196dfa42eb59f

commit 25f5af6ec754e7e2f1e9d9c60e1196dfa42eb59f
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-05-03 03:18:43 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-05-03 03:18:47 +0000

    net-misc/curl: add 7.83.0

    Now with verbose tests & disabled valgrind (unreliable on various arches and within sandbox).

    Bug: https://bugs.gentoo.org/841302
    Closes: https://bugs.gentoo.org/739738
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/curl/Manifest | 2 +
 net-misc/curl/curl-7.83.0.ebuild | 287 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 289 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d4066956acc3f238eef20bbbad18f982301dd80b

commit d4066956acc3f238eef20bbbad18f982301dd80b
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-19 01:59:44 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-19 02:04:27 +0000

    [ GLSA 202212-01 ] curl: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/803308
    Bug: https://bugs.gentoo.org/813270
    Bug: https://bugs.gentoo.org/841302
    Bug: https://bugs.gentoo.org/843824
    Bug: https://bugs.gentoo.org/854708
    Bug: https://bugs.gentoo.org/867679
    Bug: https://bugs.gentoo.org/878365
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-01.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
GLSA released, all done.