rpms/curl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Resolves: CVE-2022-32205 - fix Set-Cookie denial of service

Browse Source
This commit is contained in:
Kamil Dudka 2022-06-29 11:05:48 +02:00
parent c76b2a1a9f
commit 45b18a48b4
2 changed files with 745 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

740
0012-curl-7.82.0-CVE-2022-32205.patch Normal file
View File

File diff suppressed because one or more lines are too long

5
curl.spec
View File

@ -43,6 +43,9 @@ Patch10: 0010-curl-7.82.0-CVE-2022-32208.patch
# fix HTTP compression denial of service (CVE-2022-32206)
Patch11: 0011-curl-7.82.0-CVE-2022-32206.patch
# fix Set-Cookie denial of service (CVE-2022-32205)
Patch12: 0012-curl-7.82.0-CVE-2022-32205.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@ -228,6 +231,7 @@ be installed.
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
# Fedora patches
%patch101 -p1
@ -456,6 +460,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%changelog
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-6
- fix Set-Cookie denial of service (CVE-2022-32205)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)