Skip to content
This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.233.0
Compare
Choose a tag to compare
@cf-buildpacks-eng cf-buildpacks-eng released this 31 Mar 13:58
· 137 commits to main since this release
0.233.0
627b7cd

Notably, this release addresses:

USN-4898-1 USN-4898-1: curl vulnerabilities:

  • CVE-2021-22890: TLS 1.3 session ticket proxy host mixup
  • CVE-2021-22876: libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
-ii  curl                       7.58.0-2ubuntu3.12  amd64  command line tool for transferring data with URL syntax
+ii  curl                       7.58.0-2ubuntu3.13  amd64  command line tool for transferring data with URL syntax
-ii  libcurl3-gnutls:amd64      7.58.0-2ubuntu3.12  amd64  easy-to-use client-side URL transfer library (GnuTLS flavour)
-ii  libcurl4:amd64             7.58.0-2ubuntu3.12  amd64  easy-to-use client-side URL transfer library (OpenSSL flavour)
-ii  libcurl4-openssl-dev:amd64 7.58.0-2ubuntu3.12  amd64  development files and documentation for libcurl (OpenSSL flavour)
+ii  libcurl3-gnutls:amd64      7.58.0-2ubuntu3.13  amd64  easy-to-use client-side URL transfer library (GnuTLS flavour)
+ii  libcurl4:amd64             7.58.0-2ubuntu3.13  amd64  easy-to-use client-side URL transfer library (OpenSSL flavour)
+ii  libcurl4-openssl-dev:amd64 7.58.0-2ubuntu3.13  amd64  development files and documentation for libcurl (OpenSSL flavour)
Assets 3