Overview

File _patchinfo of Package patchinfo.19620

<patchinfo incident="19620">
  <issue tracker="bnc" id="1186114">VUL-0: EMBARGOED: CVE-2021-22898: curl: TELNET stack contents disclosure (1/2)</issue>
  <issue tracker="cve" id="2021-22898"/>
  <issue tracker="jsc" id="SLE-17956"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for curl</summary>
  <description>This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places