oss-sec mailing list archives
There is a curl "severity HIGH security problem" pre-announcement on GitHub
From: Erik Auerswald <auerswal () unix-ag uni-kl de>
Date: Thu, 5 Oct 2023 10:14:49 +0200
Hi, there is a pre-announcement of a curl security problem with high severity that can be found on GitHub: - https://github.com/curl/curl/discussions - https://github.com/curl/curl/discussions/12026 (I have seen a link to it from some web site, and did not see it on this list yet.) There is little information available, the GitHub discussions post says: "We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl security flaw in a long time. The new version and details about the two CVEs will be published around 06:00 UTC on the release day. * CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool) * CVE-2023-38546: severity LOW (affects libcurl only, not the tool) Now you know. Plan accordingly." Best regards, Erik
Current thread:
- There is a curl "severity HIGH security problem" pre-announcement on GitHub Erik Auerswald (Oct 05)
- Re: There is a curl "severity HIGH security problem" pre-announcement on GitHub Shawn Webb (Oct 05)
- Re: There is a curl "severity HIGH security problem" pre-announcement on GitHub Fabian Keil (Oct 05)
- Re: There is a curl "severity HIGH security problem" pre-announcement on GitHub Shawn Webb (Oct 05)