"TLS session caching disaster
libcurl can be tricked into using already freed memory when a new TLS session
is negotiated or a client certificate is requested on an existing connection.
For example, this can happen when a TLS server requests a client certificate
on a connection that was established without one. A malicious server can use
this in rare unfortunate circumstances to potentially reach remote code
execution in the client."
"TELNET stack contents disclosure
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`
in libcurl. This rarely used option is used to send variable=content pairs to
Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl
could be made to pass on uninitialized data from a stack based buffer to the
server. Therefore potentially revealing sensitive internal information to the
server using a clear-text network protocol."
Fixed in 7.77.0, please bump.
Added to an existing GLSA request.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2021-05-26 09:54:26 +0000
Commit: Sam James <email@example.com>
CommitDate: 2021-05-26 09:54:39 +0000
net-misc/curl: add 7.77.0
Signed-off-by: Sam James <firstname.lastname@example.org>
net-misc/curl/Manifest | 1 +
net-misc/curl/curl-7.77.0.ebuild | 295 +++++++++++++++++++++++++++++++++++++++
2 files changed, 296 insertions(+)
This issue was resolved and addressed in
GLSA 202105-36 at https://security.gentoo.org/glsa/202105-36
by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
all arches done
(In reply to John Helmert III from comment #13)
> Please cleanup.
(In reply to Anthony Basile from comment #14)
> (In reply to John Helmert III from comment #13)
> > Please cleanup.
Thank you! GLSA already sent, all done.