Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update curl to 7.87.0 #59164

Merged
merged 2 commits into from Jan 11, 2023
Merged

Update curl to 7.87.0 #59164

merged 2 commits into from Jan 11, 2023

Conversation

yongtang
Copy link
Member

@yongtang yongtang commented Jan 8, 2023

This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:

See https://curl.se/docs/security.html

Signed-off-by: Yong Tang yong.tang.github@outlook.com

@yongtang
Update curl to 7.87.0
b34f250 
This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:

- CVE-2022-43552: HTTP Proxy deny use-after-free        2022-12-21
- CVE-2022-43551: Another HSTS bypass via IDN   2022-12-21

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
@yongtang
Fix build failure introduced by curl 7.87
ee70df0 
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
@google-ml-butler google-ml-butler bot added the size:S CL Change Size: Small label Jan 8, 2023
@google-ml-butler google-ml-butler bot added the awaiting review Pull request awaiting review label Jan 8, 2023
@gbaned gbaned added this to Assigned Reviewer in PR Queue via automation Jan 9, 2023
PR Queue automation moved this from Assigned Reviewer to Approved by Reviewer Jan 9, 2023
@google-ml-butler google-ml-butler bot added kokoro:force-run Tests on submitted change ready to pull PR ready for merge process labels Jan 9, 2023
@kokoro-team kokoro-team removed the kokoro:force-run Tests on submitted change label Jan 9, 2023
copybara-service bot pushed a commit to google/tsl that referenced this pull request Jan 11, 2023
@yongtang
PR #59164: Update curl to 7.87.0
e2d4f81 
Imported from GitHub PR tensorflow/tensorflow#59164

This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:

- CVE-2022-43552: HTTP Proxy deny use-after-free   2022-12-21
- CVE-2022-43551: Another HSTS bypass via IDN   2022-12-21

See https://curl.se/docs/security.html

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Copybara import of the project:

--
b34f250825ff5b6f42731126980a7fc32cecf938 by Yong Tang <yong.tang.github@outlook.com>:

Update curl to 7.87.0

This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:

- CVE-2022-43552: HTTP Proxy deny use-after-free        2022-12-21
- CVE-2022-43551: Another HSTS bypass via IDN   2022-12-21

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

--
ee70df026000371155a5b8a29ac5092ff53b47b5 by Yong Tang <yong.tang.github@outlook.com>:

Fix build failure introduced by curl 7.87

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

Merging this change closes #59164

PiperOrigin-RevId: 501118606
copybara-service bot pushed a commit to openxla/xla that referenced this pull request Jan 11, 2023
@yongtang
PR #59164: Update curl to 7.87.0
6b5a47f 
Imported from GitHub PR tensorflow/tensorflow#59164

This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:

- CVE-2022-43552: HTTP Proxy deny use-after-free   2022-12-21
- CVE-2022-43551: Another HSTS bypass via IDN   2022-12-21

See https://curl.se/docs/security.html

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Copybara import of the project:

--
b34f250825ff5b6f42731126980a7fc32cecf938 by Yong Tang <yong.tang.github@outlook.com>:

Update curl to 7.87.0

This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:

- CVE-2022-43552: HTTP Proxy deny use-after-free        2022-12-21
- CVE-2022-43551: Another HSTS bypass via IDN   2022-12-21

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

--
ee70df026000371155a5b8a29ac5092ff53b47b5 by Yong Tang <yong.tang.github@outlook.com>:

Fix build failure introduced by curl 7.87

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

Merging this change closes #59164

PiperOrigin-RevId: 501118606
@copybara-service copybara-service bot merged commit 39cdab6 into tensorflow:master Jan 11, 2023
PR Queue automation moved this from Approved by Reviewer to Merged Jan 11, 2023
@yongtang yongtang deleted the curl-7.87.0 branch January 11, 2023 08:25
@yongtang yongtang mentioned this pull request Jan 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

Assignees

@gbaned gbaned

Labels
awaiting review Pull request awaiting review ready to pull PR ready for merge process size:S CL Change Size: Small
Projects
PR Queue
  
Merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@yongtang @mihaimaruseac @kokoro-team @gbaned