* SECURITY UPDATE: OAUTH2 bypass
- debian/patches/CVE-2022-22576.patch: check sasl additional
parameters for conn reuse in lib/strcase.c, lib/strcase.h,
lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
- CVE-2022-22576
* SECURITY UPDATE: Credential leak on redirect
- debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
in the info struct to make it available after the connection ended
in lib/connect.c, lib/urldata.h.
- debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
or ports clear auth in lib/transfer.c.
- debian/patches/CVE-2022-27774-3*.patch: adds tests to verify
these fixes in tests/data/Makefile.inc, tests/data/test973,
tests/data/test974, tests/data/test975, tests/data/test976.
- CVE-2022-27774
* SECURITY UPDATE: Bad local IPv6 connection reuse
- debian/patches/CVE-2022-27775.patch: include the zone id in the
'bundle' hashkey in lib/conncache.c.
- CVE-2022-27775
* SECURITY UPDATE: Auth/cookie leak on redirect
- debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
same host diff port in lib/http.c, lib/urldata.h.
- CVE-2022-27776
This bug was fixed in the package curl - 7.68.0-1ubuntu2.10
---------------
curl (7.68.0-1ubuntu2.10) focal-security; urgency=medium
* SECURITY UPDATE: OAUTH2 bypass
- debian/patches/CVE-2022-22576.patch: check sasl additional
parameters for conn reuse in lib/strcase.c, lib/strcase.h,
lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
- CVE-2022-22576
* SECURITY UPDATE: Credential leak on redirect
- debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
in the info struct to make it available after the connection ended
in lib/connect.c, lib/urldata.h.
- debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
or ports clear auth in lib/transfer.c.
- debian/patches/CVE-2022-27774-3*.patch: adds tests to verify
these fixes in tests/data/Makefile.inc, tests/data/test973,
tests/data/test974, tests/data/test975, tests/data/test976.
- CVE-2022-27774
* SECURITY UPDATE: Bad local IPv6 connection reuse
- debian/patches/CVE-2022-27775.patch: include the zone id in the
'bundle' hashkey in lib/conncache.c.
- CVE-2022-27775
* SECURITY UPDATE: Auth/cookie leak on redirect
- debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
same host diff port in lib/http.c, lib/urldata.h.
- CVE-2022-27776
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 10:02:10 -0300