[ubuntu/kinetic-security] curl 7.85.0-1ubuntu0.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jan 5 17:07:12 UTC 2023
curl (7.85.0-1ubuntu0.2) kinetic-security; urgency=medium
* SECURITY UPDATE: Another HSTS bypass via IDN
- debian/patches/CVE-2022-43551.patch: use the IDN decoded name in HSTS
checks in lib/http.c.
- CVE-2022-43551
* SECURITY UPDATE: HTTP Proxy deny use-after-free
- debian/patches/CVE-2022-43552.patch: do not free the protocol struct
in *_done() in lib/smb.c, lib/telnet.c.
- CVE-2022-43552
Date: 2023-01-04 16:58:09.449863+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list