FEDORA-2022-01ffde372c — security update for curl

stable

curl-7.82.0-9.fc36

FEDORA-2022-01ffde372c created by kdudka 5 months ago for Fedora 36

url: use IDN decoded names for HSTS checks (CVE-2022-42916)
http_proxy: restore the protocol pointer on error (CVE-2022-42915)
netrc: replace fgets with Curl_get_line (CVE-2022-35260)
fix POST following PUT confusion (CVE-2022-32221)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-01ffde372c

This update has been submitted for testing by kdudka.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update's test gating status has been changed to 'passed'.

5 months ago

This update has been pushed to testing.

5 months ago

kdudka edited this update.

5 months ago

bojan commented & provided feedback 5 months ago

karma

Works.

pampelmuse commented & provided feedback 5 months ago

karma

Works for me.

This update can be pushed to stable now if the maintainer wishes

5 months ago

norenh commented & provided feedback 5 months ago

karma

No regressions detected

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago

kdudka commented & provided feedback 5 months ago

Thank you for testing the update!

atim provided feedback 4 months ago

karma

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

passed

Builds

curl-7.82.0-9.fc36

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

5 months ago

in testing

5 months ago

in stable

5 months ago

modified

5 months ago

BZ#2137769 CVE-2022-42916 curl: HSTS bypass via IDN [fedora-all]

BZ#2137780 CVE-2022-32221 curl: POST following PUT confusion [fedora-all]

BZ#2138111 CVE-2022-42915 curl: HTTP proxy double-free [fedora-all]

curl-7.82.0-9.fc36

Automated Test Results

passed