This repository has been archived by the owner on Oct 10, 2023. It is now read-only.
0.233.0
cf-buildpacks-eng
released this
31 Mar 13:58
·
137 commits
to main
since this release
Notably, this release addresses:
USN-4898-1 USN-4898-1: curl vulnerabilities:
- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup
- CVE-2021-22876: libcurl does not strip off user credentials from the URL when automatically populating the
Referer:
HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
-ii curl 7.58.0-2ubuntu3.12 amd64 command line tool for transferring data with URL syntax
+ii curl 7.58.0-2ubuntu3.13 amd64 command line tool for transferring data with URL syntax
-ii libcurl3-gnutls:amd64 7.58.0-2ubuntu3.12 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
-ii libcurl4:amd64 7.58.0-2ubuntu3.12 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
-ii libcurl4-openssl-dev:amd64 7.58.0-2ubuntu3.12 amd64 development files and documentation for libcurl (OpenSSL flavour)
+ii libcurl3-gnutls:amd64 7.58.0-2ubuntu3.13 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
+ii libcurl4:amd64 7.58.0-2ubuntu3.13 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
+ii libcurl4-openssl-dev:amd64 7.58.0-2ubuntu3.13 amd64 development files and documentation for libcurl (OpenSSL flavour)