diff options
author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-24 09:37:14 +0100 |
---|---|---|
committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-24 09:37:14 +0100 |
commit | 3f827f17e9119fed8ab46431430f2162da39304c (patch) | |
tree | 931dec9e230f332c87a7b79e0a7a511590c6a702 /english/security | |
parent | 18836d46cea2e9e0c016a047fdf0f114aa6d22b2 (diff) |
[SECURITY] [DSA 5587-1] curl security update
Diffstat (limited to 'english/security')
-rw-r--r-- | english/security/2023/dsa-5587.data | 13 | ||||
-rw-r--r-- | english/security/2023/dsa-5587.wml | 23 |
2 files changed, 36 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5587.data b/english/security/2023/dsa-5587.data new file mode 100644 index 00000000000..7cad7afeadd --- /dev/null +++ b/english/security/2023/dsa-5587.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5587-1 curl</define-tag> +<define-tag report_date>2023-12-23</define-tag> +<define-tag secrefs>CVE-2023-46218 CVE-2023-46219</define-tag> +<define-tag packages>curl</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5587.wml b/english/security/2023/dsa-5587.wml new file mode 100644 index 00000000000..83e5680e7d2 --- /dev/null +++ b/english/security/2023/dsa-5587.wml @@ -0,0 +1,23 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Two security issues were discovered in Curl: Cookies were incorrectly +validated against the public suffix list of domains and in same cases +HSTS data could fail to save to disk.</p> + +<p>For the oldstable distribution (bullseye), these problems have been fixed +in version 7.74.0-1.3+deb11u11.</p> + +<p>For the stable distribution (bookworm), these problems have been fixed in +version 7.88.1-10+deb12u5.</p> + +<p>We recommend that you upgrade your curl packages.</p> + +<p>For the detailed security status of curl please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/curl">\ +https://security-tracker.debian.org/tracker/curl</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5587.data" +# $Id: $ |