Bug 48093
| Summary: | curl: Multiple issues (4.3) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Quality Assurance <qa> |
| Component: | Security updates | Assignee: | Quality Assurance <qa> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | ||
| Priority: | P3 | ||
| Version: | UCS 4.3 | ||
| Target Milestone: | UCS 4.3-2-errata | ||
| Hardware: | All | ||
| OS: | Linux | ||
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | 4.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) | ||
|
Description
Quality Assurance
--- mirror/ftp/4.3/unmaintained/component/4.3-2-errata/source/curl_7.52.1-5+deb9u7.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/curl_7.52.1-5+deb9u8.dsc @@ -1,3 +1,10 @@ +7.52.1-5+deb9u8 [Tue, 30 Oct 2018 21:39:11 +0000] Alessandro Ghedini <ghedo@debian.org>: + + * Fix SASL password overflow via integer overflow as per CVE-2018-16839 + https://curl.haxx.se/docs/CVE-2018-16839.html + * Fix warning message out-of-buffer read as per CVE-2018-16842 + https://curl.haxx.se/docs/CVE-2018-16842.html + 7.52.1-5+deb9u7 [Mon, 03 Sep 2018 23:50:29 +0100] Alessandro Ghedini <ghedo@debian.org>: * Fix NTLM password overflow via integer overflow as per CVE-2018-14618 <http://10.200.17.11/4.3-2/#4428784599835295281> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-2] 07d237c2d5 Bug #48093: curl 7.52.1-5+deb9u8 doc/errata/staging/curl.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) |