Bug 14424

Summary: [CVE 21] curl 8.5.0 CVE found
Product: [ROSA-based products] ROSA Fresh Reporter: Arsenii <a.konovalov>
Component: Net (ssh, samba, ssl, NM...) Assignee: Mikhail Novosyolov <m.novosyolov>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: a.proklov, e.malashin, s.matveev, v.potapov
Version: All Flags: v.potapov: qa_verified+
a.konovalov: secteam_verified?
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Arsenii 2024-04-16 16:33:44 MSK
https://nvd.nist.gov/vuln/detail/CVE-2024-0853 MEDIUM
Comment 1 Svyatoslav Matveev 2024-04-16 18:45:48 MSK
********** QA ADVISORY **********

The vulnerability is fixed by the update.

Link to the fix:
https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c

*** curl
**  update to 8.7.1

https://abf.io/build_lists/5022874 (x86_64)
https://abf.io/build_lists/5022875
https://abf.io/build_lists/5022876
https://abf.io/build_lists/5022877
https://abf.io/build_lists/5022878
Comment 2 e.malashin@rosalinux.ru 2024-04-17 13:02:24 MSK
The update was sent to testing
Comment 3 Vladimir Potapov 2024-04-24 16:33:00 MSK
curl-8.7.1-1
https://abf.io/build_lists/5022874 (x86_64)
https://abf.io/build_lists/5022875
https://abf.io/build_lists/5022876
https://abf.io/build_lists/5022877
https://abf.io/build_lists/5022878
*************************** Advisory *******************************
CVE fixed by patch
********************************************************************
QA Verified