Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: CVE-2022-22623
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 21 Mar 2022 22:40:55 +0100 (CET)
On Thu, 17 Mar 2022, Daniel Stenberg via curl-library wrote:
> Apple recently posted https://support.apple.com/en-us/HT213183 about a macOS
> upgrade, in which they have also updated curl.
>
> In this note they mention four different CVEs that allegedly have been
> addressed in this curl update. Three of them we recognize, but the fourth is
> CVE-2022-22623.
As of a few hours ago, the forth CVE is no longer present on that page. In an
email response to me they say they've also requested a rejection of that CVE
to MITRE.
This certainly leaves questions unanswered, but at least the primary issue is
now solved.
Date: Mon, 21 Mar 2022 22:40:55 +0100 (CET)
On Thu, 17 Mar 2022, Daniel Stenberg via curl-library wrote:
> Apple recently posted https://support.apple.com/en-us/HT213183 about a macOS
> upgrade, in which they have also updated curl.
>
> In this note they mention four different CVEs that allegedly have been
> addressed in this curl update. Three of them we recognize, but the fourth is
> CVE-2022-22623.
As of a few hours ago, the forth CVE is no longer present on that page. In an
email response to me they say they've also requested a rejection of that CVE
to MITRE.
This certainly leaves questions unanswered, but at least the primary issue is
now solved.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-03-21