Bug 32795

Summary: curl new security issue CVE-2024-0853
Product: Mageia
Reporter: Nicolas Salguero <nicolas.salguero>
Component: Security
Assignee: Dan Fandrich <dan>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: curl-8.5.0-1.mga10.src.rpm
CVE: CVE-2024-0853
Status comment: fixed upstream in 8.6.0; only affects version 8.5.0 so Mageia 9 is not affected

Description Nicolas Salguero 2024-01-31 10:32:25 CET
cURL has issued an advisory today (January 31):
https://curl.se/docs/CVE-2024-0853.html

The issue is fixed upstream in 8.6.0.

That CVE only affects version 8.5.0, so Mageia 9 is not affected; only Cauldron needs to be updated.

Nicolas Salguero 2024-01-31 10:33:01 CET

CVE: (none) => CVE-2024-0853
Source RPM: (none) => curl-8.5.0-1.mga10.src.rpm

Comment 1 Lewis Smith 2024-01-31 21:01:37 CET
Dan, is it all right to assign this to you since you did the last two version updates to fix CVEs?

Assignee: bugsquad => dan
Status comment: (none) => fixed upstream in 8.6.0; only affects version 8.5.0 so Mageia 9 is not affected

Comment 2 Dan Fandrich 2024-01-31 21:24:58 CET
Sure. A version bump in Cauldron should be quick and easy (famous last words).

Status: NEW => ASSIGNED

Comment 3 Dan Fandrich 2024-01-31 23:47:31 CET
curl-8.6.0-1.mga10 is now available in Cauldron.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED