Thu 1 Sep 2022 CVE-2022-35252 curl

Post Reply
User avatar
SalixManiac
Posts: 81
Joined: 15. Apr 2022, 02:26

Thu 1 Sep 2022 CVE-2022-35252 curl

Post by SalixManiac » 11. Sep 2022, 15:39

slackware64-14.2
Thu Sep 1 03:08:39 UTC 2022
patches/packages/curl-7.85.0-x86_64-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
control code in cookie denial of service.
For more information, see:
https://curl.se/docs/CVE-2022-35252.html
https://cve.mitre.org/cgi-bin/cvename.c ... 2022-35252
(* Security fix *)

Hello,
a small change between curl-7.84 and curl-7.85, the slackbuild of curl-7.85.0-x86_64-1 need c-ares package (c-ares-1.11.0-x86_64-1salix)
Colin Chapman “light is right” those last words "the middle pedal is for cowards"

User avatar
gapan
Salix Wizard
Posts: 6071
Joined: 6. Jun 2009, 17:40

Re: Thu 1 Sep 2022 CVE-2022-35252 curl

Post by gapan » 12. Sep 2022, 08:21

SalixManiac wrote:
11. Sep 2022, 15:39
a small change between curl-7.84 and curl-7.85, the slackbuild of curl-7.85.0-x86_64-1 need c-ares package (c-ares-1.11.0-x86_64-1salix)
This is not a change, the dependency was there for previous versions as well.
Image
Image

User avatar
SalixManiac
Posts: 81
Joined: 15. Apr 2022, 02:26

Re: Thu 1 Sep 2022 CVE-2022-35252 curl

Post by SalixManiac » 12. Sep 2022, 18:15

I just wanted to say that the compilation of slackbuild curl-7.84 -x86_64 does not fail without c-ares and with curl-7.85-x86_64 without c-ares the compilation fails on salix64 14.2.
Colin Chapman “light is right” those last words "the middle pedal is for cowards"

Post Reply