Bugs fixes in "curl"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2022-32205 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficient | 2025-09-29 |
| Launchpad | 2118865 | libcurl outgoing Cookie header field size check is broken | 2025-09-29 |
| CVE | CVE-2022-32205 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficient | 2025-09-29 |
| Launchpad | 2118865 | libcurl outgoing Cookie header field size check is broken | 2025-09-29 |
| CVE | CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll | 2024-12-16 |
| CVE | CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll | 2024-12-16 |
| CVE | CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll | 2024-12-16 |
| CVE | CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll | 2024-12-16 |
| CVE | CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll | 2024-12-16 |
| CVE | CVE-2024-11053 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll | 2024-12-16 |
| CVE | CVE-2024-9681 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than oth | 2024-11-18 |
| CVE | CVE-2024-9681 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than oth | 2024-11-18 |
| CVE | CVE-2024-9681 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than oth | 2024-11-18 |
| CVE | CVE-2024-9681 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than oth | 2024-11-18 |
| CVE | CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v | 2024-09-16 |
| CVE | CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v | 2024-09-16 |
| CVE | CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v | 2024-09-16 |
| CVE | CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v | 2024-09-16 |
| CVE | CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v | 2024-09-16 |
| CVE | CVE-2024-8096 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v | 2024-09-16 |
About
-
Send Feedback to @ubuntu_updates
