Bug 14184

Summary: curl 8.4 CVE
Product: [ROSA-based products] ROSA Fresh
Reporter: Vladimir Potapov <v.potapov>
Component: Preinstalled software in the ISO
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
CC: a.proklov, e.malashin
Version: All
Flags: v.potapov: qa_verified+
v.potapov: secteam_verified?
a.proklov: published+
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Platform: ---
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Vladimir Potapov 2023-12-28 17:22:39 MSK
https://nvd.nist.gov/vuln/detail/CVE-2023-46218 Exploit!
Comment 1 Vladimir Potapov 2023-12-28 17:25:06 MSK
https://nvd.nist.gov/vuln/detail/CVE-2023-46219 Exploit!
Comment 2 Aleksandr Proklov 2024-01-11 05:15:52 MSK
The vulnerabilities are closed by the version update

curl	8.5.0-1

https://abf.io/build_lists/4952736
https://abf.io/build_lists/4952737 x64
https://abf.io/build_lists/4952738
https://abf.io/build_lists/4952739
https://abf.io/build_lists/4952740
Comment 3 e.malashin@rosalinux.ru 2024-01-12 11:23:08 MSK
The update sent to testings
Comment 4 Vladimir Potapov 2024-01-23 10:50:43 MSK
curl-8.5.0-1
https://abf.io/build_lists/4952736
https://abf.io/build_lists/4952737 x64
https://abf.io/build_lists/4952738
https://abf.io/build_lists/4952739
https://abf.io/build_lists/4952740
**************************** Advisory **************************
CVEs fix via version update
****************************************************************
QA Verified