CVE-2022-32221 in bundled curl library #102
Comments
|
Hello, Thank you for doing that! For this repository, I don't want to apply it via a specfile patch as it will do it on all platforms. Thanks again for handling this on EPEL! Cheers, |
mpatrascoiu
added a commit
that referenced
this issue
Dec 20, 2022
The patch is applied during the CMake preparation step, before compiling the bundled curl source code. Closes davix #102
|
Thank you again for reporting and patching this for EPEL. The issue has been addressed here as well. The next Davix release ( Cheers, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://curl.se/docs/CVE-2022-32221.html
Affected versions: libcurl 7.7 to and including 7.85.0
Not affected versions: libcurl < 7.7 and >= 7.86.0
davix bundles 7.69.0
The bundled library is used in the EPEL 7 and EPEL 8 builds, because the system version is too old.
EPEL 9 and Fedora uses the system version.
I have backported the commit fixing the CVE (a one line patch) to the packages in EPEL 7 and EPEL 8.
The text was updated successfully, but these errors were encountered: