cURL has issued advisories today (February 15):
The issues are fixed upstream in 7.88.0.
Stig-Ørjan has already updated Cauldron.
Mageia 8 is also affected by CVE-2023-23916.
Assigning to Stig, but if this is not appropriate, CC'ing NicolasS who did the last CVE update.
7.88.0 was sent to the build system for Cauldron earlier today.
(In reply to Stig-Ørjan Smelror from comment #2)
> 7.88.0 was sent to the build system for Cauldron earlier today.
Yes, already noted. Mageia 8 needs to be patched.
The updated packages fix a security vulnerability:
HTTP multi-header compression denial of service. (CVE-2023-23916)
Updated packages in core/updates_testing:
As in bug 31306 rebooted, wifi is OK and checked settingsn in Netwerk Center: all OK.
mga8 -64, plasma, nvidia-current, intel i7, Swedish
Updated existing packages to:
downloaded a file from internet OK
Due to Bug 24362 - Change default package downloader to wget
*I* am *not* testing it for updates use
Validating. Advisory in comment 4.
An update for this issue has been pushed to the Mageia Updates repository.