Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 843824 (CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115) - <net-misc/curl-7.81.1: multiple vulnerabilities
Summary: <net-misc/curl-7.81.1: multiple vulnerabilities
Alias: CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa? cleanup]
Depends on: 842531
  Show dependency tree
Reported: 2022-05-11 22:05 UTC by John Helmert III
Modified: 2022-05-19 18:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-11 22:05:21 UTC
curl: removes wrong file on error

curl: cookie for trailing dot TLD

curl: percent-encoded path separator in URL host

curl: CERTINFO never-ending busy-loop

curl: TLS and SSH connection too eager reuse

curl: HSTS bypass via trailing dot

Please bump to 7.83.1.
Comment 1 Anthony Basile gentoo-dev 2022-05-13 19:18:07 UTC
(In reply to John Helmert III from comment #0)
> Please bump to 7.83.1.

I just added it to the tree and preliminary tests look good.  Please stabilize.