This bug was fixed in the package curl - 8.4.0-2ubuntu1
---------------
curl (8.4.0-2ubuntu1) noble; urgency=medium
* Merge from Debian unstable (LP: #2039798). Remaining changes:
- debian/control: Don't build-depend on python3-impacket on i386
so we can drop it (and its dependencies) from the i386 partial port.
It's only used for the tests, which do not block the build in any case.
* Drop patches for CVEs fixed upstream:
- debian/patches/CVE-2023-38039.patch
- debian/patches/CVE-2023-38545.patch
- debian/patches/CVE-2023-38546.patch
* Drop delta merged in Debian
- debian/tests/control
- debian/tests/curl-ldapi-test
-- Danilo Egea Gondolfo <danilo.egea.gondo...@canonical.com> Wed, 01
Nov 2023 12:06:23 +0000
** Changed in: curl (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38039
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38545
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38546
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2039798
Title:
please merge from debian instable 8.4 to address vulnerability
Status in curl package in Ubuntu:
Fix Released
Bug description:
Actually Mantic has 8.2.1 version
A huge security issue is fixed with 8.4 :
https://linuxsecurity.com/news/security-vulnerabilities/curl-8-4-released-for-addressing-a-big-security-vulnerability
changelog: https://curl.se/changes.html
Available on Debian Sid: https://packages.debian.org/sid/curl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2039798/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
