32795 – curl new security issue CVE-2024-0853

Bug 32795 - curl new security issue CVE-2024-0853

Summary: curl new security issue CVE-2024-0853

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Dan Fandrich
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-01-31 10:32 CET by Nicolas Salguero
Modified:	2024-01-31 23:47 CET (History)
CC List:	0 users

See Also:
Source RPM:	curl-8.5.0-1.mga10.src.rpm
CVE:	CVE-2024-0853
Status comment:	fixed upstream in 8.6.0; only affects version 8.5.0 so Mageia 9 is not affected

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-01-31 10:32:25 CET

cURL has issued an advisory today (January 31):
https://curl.se/docs/CVE-2024-0853.html

The issue is fixed upstream in 8.6.0.

That CVE only affects version 8.5.0 so Mageia 9 is not affected, only Cauldron needs to be updated.

Nicolas Salguero 2024-01-31 10:33:01 CET

CVE: (none) => CVE-2024-0853
Source RPM: (none) => curl-8.5.0-1.mga10.src.rpm

Comment 1 Lewis Smith 2024-01-31 21:01:37 CET

Dan, is it all right to assign this to you since you did the last two version updates to fix CVEs?

Assignee: bugsquad => dan
Status comment: (none) => fixed upstream in 8.6.0; only affects version 8.5.0 so Mageia 9 is not affected

Comment 2 Dan Fandrich 2024-01-31 21:24:58 CET

Sure. A version bump in Cauldron should be quick and easy (famous last words).

Status: NEW => ASSIGNED

Comment 3 Dan Fandrich 2024-01-31 23:47:31 CET

curl-8.6.0-1.mga10 is now available in Cauldron.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.