Please update curl version to >=8.7 in the stable Bookworm release, due to CVE-2024-2398

To: "debian-qa@lists.debian.org" <debian-qa@lists.debian.org>, "submit@bugs.debian.org" <submit@bugs.debian.org>
Subject: Please update curl version to >=8.7 in the stable Bookworm release, due to CVE-2024-2398
From: "Prusty, Badrikesh" <badrikesh.prusty@siemens.com>
Date: Wed, 7 Aug 2024 12:11:28 +0000
Message-id: <[🔎] SG2PR06MB510798B1E84E818C4C814A8491B82@SG2PR06MB5107.apcprd06.prod.outlook.com>

Package: curl

Version: 7.88.1-10+deb12u6

Severity: important

Hello Debian Team,

As curl version 7.88.1-10+deb12u6 is affected by CVE:

https://security-tracker.debian.org/tracker/CVE-2024-2398: 8.6

The listed CVE got fixed in version >=8.7.

Found that the updated version 8.8.0-1~bpo12+1 of package available in bookworm-backports:

https://packages.debian.org/source/bookworm-backports/curl

Kindly update curl and its library packages to 8.8.0-1 to fix the above listed vulnerability.

Let us know if any help is needed from my side for migrating the package from backports to stable Bookworm release.

Thanks & Regards,

Badrikesh

Reply to:

Prev by Date: Bug#1077833: UDD: screenshots importer broken -- currently disabled
Next by Date: Attn,:debian-qa@lists.debian.org.
Previous by thread: Processed: forcibly merging 1074038 1077844
Next by thread: Attn,:debian-qa@lists.debian.org.
Index(es):
- Date
- Thread