Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 843824 (CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115) - <net-misc/curl-7.81.1: multiple vulnerabilities
Summary: <net-misc/curl-7.81.1: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa? cleanup]
Keywords:
Depends on: 842531
Blocks:
  Show dependency tree
 
Reported: 2022-05-11 22:05 UTC by John Helmert III
Modified: 2022-05-19 18:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-11 22:05:21 UTC 
curl: removes wrong file on error
https://curl.se/docs/CVE-2022-27778.html

curl: cookie for trailing dot TLD
https://curl.se/docs/CVE-2022-27779.html

curl: percent-encoded path separator in URL host
https://curl.se/docs/CVE-2022-27780.html

curl: CERTINFO never-ending busy-loop
https://curl.se/docs/CVE-2022-27781.html

curl: TLS and SSH connection too eager reuse
https://curl.se/docs/CVE-2022-27782.html

curl: HSTS bypass via trailing dot
https://curl.se/docs/CVE-2022-30115.html

Please bump to 7.83.1.
Comment 1 Anthony Basile gentoo-dev 2022-05-13 19:18:07 UTC 
(In reply to John Helmert III from comment #0)
> 
> Please bump to 7.83.1.

I just added it to the tree and preliminary tests look good.  Please stabilize.