GNU bug report logs - #47563
curl is vulnerable to CVE-2021-22890 and CVE-2021-22876

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Fri, 2 Apr 2021 14:05:02 UTC

Severity: normal

Tags: security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: leo <at> famulari.name, 47563 <at> debbugs.gnu.org
Subject: bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890.
Date: Fri, 02 Apr 2021 20:43:59 +0200

[Message part 1 (text/plain, inline)]

On Fri, 2021-04-02 at 14:22 -0400, Leo Famulari wrote:
> 
> Can we try grafting an "upgrade" to 7.76.0? In my experience, most
> curl
> upgrades are graftable.
> 
> Curl's developers are very careful with their ABI and even maintain
> their own page on the subject: <https://curl.se/libcurl/abi.html>

If you think that's OK, let's do it!

I see indeed from that page there should be no problem.

Will send a patch shortly.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 4 years and 48 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47563 curl is vulnerable to CVE-2021-22890 and CVE-2021-22876

GNU bug report logs - #47563
curl is vulnerable to CVE-2021-22890 and CVE-2021-22876