curl: removes wrong file on error https://curl.se/docs/CVE-2022-27778.html curl: cookie for trailing dot TLD https://curl.se/docs/CVE-2022-27779.html curl: percent-encoded path separator in URL host https://curl.se/docs/CVE-2022-27780.html curl: CERTINFO never-ending busy-loop https://curl.se/docs/CVE-2022-27781.html curl: TLS and SSH connection too eager reuse https://curl.se/docs/CVE-2022-27782.html curl: HSTS bypass via trailing dot https://curl.se/docs/CVE-2022-30115.html Please bump to 7.83.1.
(In reply to John Helmert III from comment #0) > > Please bump to 7.83.1. I just added it to the tree and preliminary tests look good. Please stabilize.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d4066956acc3f238eef20bbbad18f982301dd80b commit d4066956acc3f238eef20bbbad18f982301dd80b Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-12-19 01:59:44 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-19 02:04:27 +0000 [ GLSA 202212-01 ] curl: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/803308 Bug: https://bugs.gentoo.org/813270 Bug: https://bugs.gentoo.org/841302 Bug: https://bugs.gentoo.org/843824 Bug: https://bugs.gentoo.org/854708 Bug: https://bugs.gentoo.org/867679 Bug: https://bugs.gentoo.org/878365 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202212-01.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+)
GLSA released, all done.
