Univention Bugzilla – Bug 57503
curl: Multiple issues (5.0)
Last modified: 2024-08-07 12:13:11 CEST
New Debian curl 7.64.0-4+deb10u10 fixes:
This update addresses the following issue:
7.64.0-4+deb10u10 (Sat, 03 Aug 2024 11:23:41 +0200)
* Non-maintainer upload by the LTS team.
* Fix CVE-2024-7264: A denial-of-service vulnerability was found in cURL, an easy-to-use client-side URL transfer library. libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up crashing but this flaw can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.
--- mirror/ftp/pool/main/c/curl/curl_7.64.0-4+deb10u9.dsc +++ apt/ucs_5.0-0-errata5.0-8/source/curl_7.64.0-4+deb10u10.dsc @@ -1,3 +1,14 @@ +7.64.0-4+deb10u10 [Sat, 03 Aug 2024 11:23:41 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2024-7264: + A denial-of-service vulnerability was found in cURL, an easy-to-use + client-side URL transfer library. libcurl's ASN1 parser code has the + GTime2str() function, used for parsing an ASN.1 Generalized Time field. If + given an syntactically incorrect field, the parser might end up crashing + but this flaw can also lead to heap contents getting returned to the + application when CURLINFO_CERTINFO is used. + 7.64.0-4+deb10u9 [Sun, 28 Jan 2024 21:15:21 +0000] Bastien Roucariès <rouca@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/5.0-8/#3969885829619805431>
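Review bot: the new 7.64.0-4+deb10u10 entry opens by calling CVE-2024-7264 a denial-of-service vulnerability, yet its last sentence says heap contents can be returned to the application when CURLINFO_CERTINFO is used, so the summary line should name the information disclosure as well as the crash. The entry also does not say which patch file or upstream commit carries the GTime2str() fix, so a reader cannot confirm from the changelog alone what was backported; adding the patch name to the "Fix CVE-2024-7264" item would close that gap.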
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
Freexian ships dbgsym packages
[5.0-8] 332873b8225 chore(yaml): spelling
 doc/errata/staging/curl.yaml | 2 --
 1 file changed, 2 deletions(-)
[5.0-8] 0b3a2547b3c Bug #57503: curl 7.64.0-4+deb10u10
 doc/errata/staging/curl.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1094>