CVE-2022-22576: curl OAUTH2 bearer bypass in connection re-use CVE-2022-27774: curl credential leak on redirect CVE-2022-27775: curl bad local IPv6 connection reuse CVE-2022-27776: curl auth/cookie leak on redirect Please bump to 7.83.0.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25f5af6ec754e7e2f1e9d9c60e1196dfa42eb59f commit 25f5af6ec754e7e2f1e9d9c60e1196dfa42eb59f Author: Sam James <sam@gentoo.org> AuthorDate: 2022-05-03 03:18:43 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-03 03:18:47 +0000 net-misc/curl: add 7.83.0 Now with verbose tests & disabled valgrind (unreliable on various arches and within sandbox). Bug: https://bugs.gentoo.org/841302 Closes: https://bugs.gentoo.org/739738 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 2 + net-misc/curl/curl-7.83.0.ebuild | 287 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 289 insertions(+)