[SECURITY] [DSA 5460-1] curl security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5460-1] curl security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 26 Jul 2023 19:36:53 +0000
Message-id: <[🔎] ZMF11UwWP9b0+MW8@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5460-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 26, 2023                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2023-32001

It was discovered that Curl performed incorrect file path handling when
saving cookies to files, which could lead to the creation or overwriting
of files.

The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), this problem has been fixed in
version 7.88.1-10+deb12u1.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTBdbYACgkQEMKTtsN8
TjbfTBAAmujUmVYytNJLsiCxp0HhaIEblUWK5kI5g0J2zNqIYvc3XZ92Zy64jiIn
3Iwm8qptjSY0JfhQK22X8gKOWtUfjmFiiPNZuvtIn09/9VXKq2c0U+h/uht2gTx4
VaEwFOux8nJHesXDZkWAbfuVlt8trSnfRisEJiaHOggjCz3MZZ/Zhc/FeSgR7cTx
+udiMlseaqcjtDG0P9S7PLvG8Jf4w/jtG1kFzRvzJbJYczAwQ67wAJi5lmsbdK00
txg6Eljmf7JkaYhi0z2pi8w7KbIRhygzkTa97rM0i4BupOO3IcLV0TiosMSRdcXr
Zij0ndo8WIiS5FtOR32bi5Du35uh0HufGtvaL97vyxglKv7IjbPVLRntLMNwTyrM
VXt4Hy/FHZPUkpNxqurfQwK+I++QUj0Sd3p5AJPD8/DHipP6ffMNPpb3oARBrsev
uuGmk3tKW3NcTaYQGPo76QhXAc2R/9szMjQYOj/0T07xElYYWU+BBh44W9rIuQZY
+dssf/X3GXzub9NPJSKrYZoCloT+U7JhqIi+D5GidXeZP2DXBdQMWrX2y6T1t0S0
pN7fjknB+jnbMRrjpqntzJ52x0lT3b8m7IjrG7yLA3moUPrDO7lzlneN1wptJ5sw
qFeAvOu3UehQy6HYEz44Xafk7sIl15LgNZRPZpJQK4u+1xtjI+E=
=JrDz
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5459-1] amd64-microcode security update
Next by Date: [SECURITY] [DSA 5461-1] linux security update
Previous by thread: [SECURITY] [DSA 5459-1] amd64-microcode security update
Next by thread: [SECURITY] [DSA 5461-1] linux security update
Index(es):
- Date
- Thread