it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5460-1] curl security update
- Date: Wed, 26 Jul 2023 19:36:53 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/ZMF11UwWP9b0+MW8 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=x4ThadLe+3rQdjeTjPT1u76W+GA6u84g+Si1HMaVc3o=; b=QB AT0kIeW4Bh3eGJ8NFGg2ltqUKNkOmzdd4DMLWoPDyyU7K/VwgC0JDYnNhrJP3LTBE1s2epS7NF2D1 dLsXGc/AXP5+JvdjUel27/A9QBBKX2V4ssYwRc62vAdeNxXZTCVirWkPXQtYV4AFVmTdBM6UfpCc7 InakuyavCQpjBAm0EXKPaXt4PGomk9wYJGRpsvjdfhW6kQTCrJRvWt/Sh7KUlErR9jHr8x3NECF+Y afTxxcL2PeQBztwjjef/0fs6958S5VKCLcMMfMZnnk0ZiUSjXwkmF01ApMezycneR37wWKO8rKmNZ ZJk1qtsxF3pXk8d0TumPh7Id8Uur3FZQ==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 26 Jul 2023 19:37:20 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <NbAjAoIQfFO.A.Gx.vXXwkB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5460-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 26, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2023-32001
It was discovered that Curl performed incorrect file path handling when
saving cookies to files, which could lead to the creation or overwriting
of files.
The oldstable distribution (bullseye) is not affected.
For the stable distribution (bookworm), this problem has been fixed in
version 7.88.1-10+deb12u1.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTBdbYACgkQEMKTtsN8
TjbfTBAAmujUmVYytNJLsiCxp0HhaIEblUWK5kI5g0J2zNqIYvc3XZ92Zy64jiIn
3Iwm8qptjSY0JfhQK22X8gKOWtUfjmFiiPNZuvtIn09/9VXKq2c0U+h/uht2gTx4
VaEwFOux8nJHesXDZkWAbfuVlt8trSnfRisEJiaHOggjCz3MZZ/Zhc/FeSgR7cTx
+udiMlseaqcjtDG0P9S7PLvG8Jf4w/jtG1kFzRvzJbJYczAwQ67wAJi5lmsbdK00
txg6Eljmf7JkaYhi0z2pi8w7KbIRhygzkTa97rM0i4BupOO3IcLV0TiosMSRdcXr
Zij0ndo8WIiS5FtOR32bi5Du35uh0HufGtvaL97vyxglKv7IjbPVLRntLMNwTyrM
VXt4Hy/FHZPUkpNxqurfQwK+I++QUj0Sd3p5AJPD8/DHipP6ffMNPpb3oARBrsev
uuGmk3tKW3NcTaYQGPo76QhXAc2R/9szMjQYOj/0T07xElYYWU+BBh44W9rIuQZY
+dssf/X3GXzub9NPJSKrYZoCloT+U7JhqIi+D5GidXeZP2DXBdQMWrX2y6T1t0S0
pN7fjknB+jnbMRrjpqntzJ52x0lT3b8m7IjrG7yLA3moUPrDO7lzlneN1wptJ5sw
qFeAvOu3UehQy6HYEz44Xafk7sIl15LgNZRPZpJQK4u+1xtjI+E=
=JrDz
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5460-1] curl security update, Moritz Muehlenhoff, 26.07.2023
Archiv bereitgestellt durch MHonArc 2.6.24.