Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This should take care of the following CVEs: ``` +----------+------------------+----------+-------------------+------------------+--------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +----------+------------------+----------+-------------------+------------------+--------------------------------------+ | curl | CVE-2020-8169 | HIGH | 7.64.0-4+deb10u1 | 7.64.0-4+deb10u2 | libcurl: partial password | | | | | | | leak over DNS on HTTP redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8169 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8177 | | | | curl: Incorrect argument | | | | | | | check can allow remote servers | | | | | | | to overwrite local files... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8177 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8231 | | | | curl: Expired pointer | | | | | | | dereference via multi API with | | | | | | | `CURLOPT_CONNECT_ONLY` option set | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8231 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8285 | | | | curl: malicious FTP server can | | | | | | | trigger stack overflow when | | | | | | | CURLOPT_CHUNK_BGN_FUNCTION | | | | | | | is used... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8285 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8286 | | | | curl: inferior OCSP verification | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8286 | +----------+------------------+ + + +--------------------------------------+ | libcurl4 | CVE-2020-8169 | | | | libcurl: partial password | | | | | | | leak over DNS on HTTP redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8169 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8177 | | | | curl: Incorrect argument | | | | | | | check can allow remote servers | | | | | | | to overwrite local files... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8177 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8231 | | | | curl: Expired pointer | | | | | | | dereference via multi API with | | | | | | | `CURLOPT_CONNECT_ONLY` option set | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8231 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8285 | | | | curl: malicious FTP server can | | | | | | | trigger stack overflow when | | | | | | | CURLOPT_CHUNK_BGN_FUNCTION | | | | | | | is used... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8285 | + +------------------+ + + +--------------------------------------+ | | CVE-2020-8286 | | | | curl: inferior OCSP verification | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8286 | +----------+------------------+----------+-------------------+------------------+--------------------------------------+ ```
- Loading branch information