Comment 2 for bug 2009332

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/877072
Committed: https://opendev.org/starlingx/tools/commit/356407865c350835a9bbd46d7b55aa1dc0f373e8
Submitter: "Zuul (22348)"
Branch: master

commit 356407865c350835a9bbd46d7b55aa1dc0f373e8
Author: Li Zhou <email address hidden>
Date: Thu Mar 9 10:02:45 2023 +0800

    Debian: curl : fix CVE-2023-23916

    Upgrade packages to below version to fix CVE-2023-23916:
    curl_7.74.0-1.3+deb11u7_amd64.deb
    libcurl3-gnutls_7.74.0-1.3+deb11u7_amd64.deb
    libcurl4_7.74.0-1.3+deb11u7_amd64.deb
    libcurl4-gnutls-dev_7.74.0-1.3+deb11u7_amd64.deb
    libcurl4-openssl-dev_7.74.0-1.3+deb11u7_amd64.deb

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2023-23916

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2009332

    Signed-off-by: Li Zhou <email address hidden>
    Change-Id: I9a802997067ec04a27267c79e4d8aefacefd8c83