curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

CVE-2022-22623

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 17 Mar 2022 10:15:53 +0100 (CET)

Hi team,

Apple recently posted https://support.apple.com/en-us/HT213183 about a macOS
upgrade, in which they have also updated curl.

In this note they mention four different CVEs that allegedly have been
addressed in this curl update. Three of them we recognize, but the fourth is
CVE-2022-22623.

This is not a CVE known to us (and we actually have none published in 2022).
This announcement has already caused wild speculations to get posted about
this mystery CVE.

I presume this is just a typo and they actually meant another number. I have
reached out and asked for an update/clarification.

All public curl CVEs are always listed here:

https://curl.se/docs/security.html

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2022-03-17

This message: [ Message body ]
Next message: Phil Cole via curl-library: "Re: CVE-2022-22623"
Previous message: Zakrzewski, Jakub via curl-library: "Re: Fedora and curl-minimal"
Next in thread: Phil Cole via curl-library: "Re: CVE-2022-22623"
Reply: Phil Cole via curl-library: "Re: CVE-2022-22623"
Reply: Daniel Stenberg via curl-library: "Re: CVE-2022-22623"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]