[Bug 2039798] Re: please merge from debian instable 8.4 to address vulnerability
Launchpad Bug Tracker
2039798 at bugs.launchpad.net
Sat Nov 18 10:41:07 UTC 2023
This bug was fixed in the package curl - 8.4.0-2ubuntu1
---------------
curl (8.4.0-2ubuntu1) noble; urgency=medium
* Merge from Debian unstable (LP: #2039798). Remaining changes:
- debian/control: Don't build-depend on python3-impacket on i386
so we can drop it (and its dependencies) from the i386 partial port.
It's only used for the tests, which do not block the build in any case.
* Drop patches for CVEs fixed upstream:
- debian/patches/CVE-2023-38039.patch
- debian/patches/CVE-2023-38545.patch
- debian/patches/CVE-2023-38546.patch
* Drop delta merged in Debian
- debian/tests/control
- debian/tests/curl-ldapi-test
-- Danilo Egea Gondolfo <danilo.egea.gondolfo at canonical.com> Wed, 01
Nov 2023 12:06:23 +0000
** Changed in: curl (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38039
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38545
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38546
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2039798
Title:
please merge from debian instable 8.4 to address vulnerability
Status in curl package in Ubuntu:
Fix Released
Bug description:
Actually Mantic has 8.2.1 version
A huge security issue is fixed with 8.4 : https://linuxsecurity.com/news/security-vulnerabilities/curl-8-4-released-for-addressing-a-big-security-vulnerability
changelog: https://curl.se/changes.html
Available on Debian Sid: https://packages.debian.org/sid/curl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2039798/+subscriptions
More information about the foundations-bugs
mailing list