Overview

File _patchinfo of Package patchinfo.28863

<patchinfo incident="28863">
  <issue tracker="jsc" id="PED-2580"/>
  <issue tracker="bnc" id="1211230">VUL-0: EMBARGOED: CVE-2023-28319: curl:  use-after-free in SSH sha256 fingerprint check</issue>
  <issue tracker="bnc" id="1211233">VUL-0: EMBARGOED: CVE-2023-28322: curl: POST-after-PUT confusion</issue>
  <issue tracker="bnc" id="1211231">VUL-0: EMBARGOED: CVE-2023-28320: curl: siglongjmp race condition</issue>
  <issue tracker="bnc" id="1211232">VUL-0: EMBARGOED: CVE-2023-28321: curl: IDN wildcard match</issue>
  <issue tracker="cve" id="2023-28319"/>
  <issue tracker="cve" id="2023-28320"/>
  <issue tracker="cve" id="2023-28321"/>
  <issue tracker="cve" id="2023-28322"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for curl</summary>
  <description>This update for curl adds the following feature:

Update to version 8.0.1 (jsc#PED-2580)

- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places