[Tails-dev] curl 8.4.0 - need to update

Üzenet törlése

Válasz az üzenetre
Szerző: David A. Wheeler
Dátum:  
Címzett: The Tails public development discussion list
Tárgy: [Tails-dev] curl 8.4.0 - need to update
All:

curl 8.4.0 has been released. This fixes a high-severity vulnerability in curl's use of SOCKS5 (CVE-2023-38545), an important use case for Tails.

This is very unusual; it's very rare for find this kind of severe vulnerability in curl. Nevertheless, we're all human. Details here:
https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/

--- David A. Wheeler