Source: curl Version: 7.88.1-9 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for curl. CVE-2023-28319[0]: | UAF in SSH sha256 fingerprint check CVE-2023-28320[1]: | siglongjmp race condition CVE-2023-28321[2]: | IDN wildcard match CVE-2023-28322[3]: | more POST-after-PUT confusion If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-28319 https://www.cve.org/CVERecord?id=CVE-2023-28319 [1] https://security-tracker.debian.org/tracker/CVE-2023-28320 https://www.cve.org/CVERecord?id=CVE-2023-28320 [2] https://security-tracker.debian.org/tracker/CVE-2023-28321 https://www.cve.org/CVERecord?id=CVE-2023-28321 [3] https://security-tracker.debian.org/tracker/CVE-2023-28322 https://www.cve.org/CVERecord?id=CVE-2023-28322 Regards, Salvatore
