Parent Directory | Revision Log
MGASA-2021-0186: curl-7.74.0-1.1.mga8, curl-7.71.0-1.2.mga7
1 | type: security |
2 | subject: Updated curl packages fix security vulnerabilities |
3 | CVE: |
4 | - CVE-2021-22876 |
5 | - CVE-2021-22890 |
6 | src: |
7 | 7: |
8 | core: |
9 | - curl-7.71.0-1.2.mga7 |
10 | 8: |
11 | core: |
12 | - curl-7.74.0-1.1.mga8 |
13 | description: | |
14 | libcurl does not strip off user credentials from the URL when automatically |
15 | populating the Referer: HTTP request header field in outgoing HTTP requests, |
16 | and therefore risks leaking sensitive data to the server that is the target of |
17 | the second HTTP request. (CVE-2021-22876) |
18 | |
19 | TLS 1.3 session ticket proxy host mixup. (CVE-2021-22890) |
20 | references: |
21 | - https://bugs.mageia.org/show_bug.cgi?id=28688 |
22 | - https://curl.se/docs/CVE-2021-22876.html |
23 | - https://curl.se/docs/CVE-2021-22890.html |
24 | - https://curl.se/changes.html |
25 | ID: MGASA-2021-0186 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |