Univention Bugzilla – Bug 52142
curl: Multiple issues (4.4)
Last modified: 2020-09-30 15:37:50 CEST
New Debian curl 7.52.1-5+deb9u12 fixes: This update addresses the following issue: * Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/curl_7.52.1-5+deb9u11.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/curl_7.52.1-5+deb9u12.dsc @@ -1,3 +1,11 @@ +7.52.1-5+deb9u12 [Sun, 20 Sep 2020 18:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2020-8231 + in rare circumstances, when using the multi API of curl in + combination with CURLOPT_CONNECT_ONLY, the wrong connection + might be used when transfering data later + 7.52.1-5+deb9u11 [Mon, 13 Jul 2020 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://10.200.17.11/4.4-6/#8640689909873906097>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts dbgsym [4.4-6] 536d87a21a Bug #52142: curl 7.52.1-5+deb9u12 doc/errata/staging/curl.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x751>