– url: use IDN decoded names for HSTS checks (CVE-2022-42916) – http_proxy: restore the protocol pointer on error (CVE-2022-42915) – netrc: replace fgets with Curl_get_line (CVE-2022-35260) – fix POST following PUT confusion (CVE-2022-32221)
Archive for October 30th, 2022
6 results.
Comment
Update to 2.28.1
– Update to 1.2.22
– Update to 1.2.22
Nicky Mouha discovered a buffer overflow in ‘sha3’, a Python library for the SHA-3 hashing functions. For the stable distribution (bullseye), this problem has been fixed in
A heap use-after-free vulnerability after overeager destruction of a shared DTD in the XML_ExternalEntityParserCreate function in Expat, an XML parsing C library, may result in denial of service or potentially the execution of arbitrary code.