Update curl to latest 7.83.1 #56060

Merged
merged 1 commit into from May 11, 2022

@yongtang yongtang commented May 11, 2022

This PR updates curl to latest 7.83.1 to fix the following vulnerabilities in 7.83.0:
- 121	CVE-2022-30115: HSTS bypass via trailing dot
- 120	CVE-2022-27782: TLS and SSH connection too eager reuse
- 119	CVE-2022-27781: CERTINFO never-ending busy-loop
- 118	CVE-2022-27780: percent-encoded path separator in URL host
- 117	CVE-2022-27779: cookie for trailing dot TLD
- 116	CVE-2022-27778: curl removes wrong file on error

See https://curl.se/docs/security.html for details

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
@google-ml-butler google-ml-butler bot added the size:XS label May 11, 2022

yongtang commented May 11, 2022

@mihaimaruseac There are quite a few vulnerabilities in curl 7.83.0.

I don't know if the update has already been applied internally in Google or not. Please feel free to close the PR if it has been taken care of.

@gbaned gbaned added this to Assigned Reviewer in PR Queue via automation May 11, 2022
@gbaned gbaned requested a review from mihaimaruseac May 11, 2022
@google-ml-butler google-ml-butler bot added the awaiting review label May 11, 2022
PR Queue automation moved this from Assigned Reviewer to Approved by Reviewer May 11, 2022
@google-ml-butler google-ml-butler bot added kokoro:force-run ready to pull labels May 11, 2022
@kokoro-team kokoro-team removed the kokoro:force-run label May 11, 2022
@copybara-service copybara-service bot merged commit 52488e5 into tensorflow:master May 11, 2022
11 of 14 checks passed
mihaimaruseac pushed a commit that referenced this issue May 11, 2022
mihaimaruseac added a commit that referenced this issue May 11, 2022
…0c6af09ee0d4c711611-on-r2.9

Merge pull request #56060 from yongtang:curl-7.83.1
mihaimaruseac added a commit that referenced this issue May 11, 2022
…0c6af09ee0d4c711611-on-r2.8

Merge pull request #56060 from yongtang:curl-7.83.1
mihaimaruseac added a commit that referenced this issue May 11, 2022
…0c6af09ee0d4c711611-on-r2.7

Merge pull request #56060 from yongtang:curl-7.83.1
mihaimaruseac added a commit that referenced this issue May 11, 2022
Merge pull request #56060 from yongtang:curl-7.83.1
@yongtang yongtang deleted the curl-7.83.1 branch May 11, 2022