Back to bug 2179073
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2023-03-16 15:06:37 UTC | CC | security-response-team | |
| Marian Rehak | 2023-03-16 16:21:29 UTC | Depends On | 2179116, 2179119, 2179113, 2179114, 2179117, 2179121, 2179115 | |
| Sandipan Roy | 2023-03-21 13:03:47 UTC | Group | qe_staff, security | |
| Sandipan Roy | 2023-03-21 13:03:47 UTC | Summary | EMBARGOED CVE-2023-27535 curl: FTP too eager connection reuse | CVE-2023-27535 curl: FTP too eager connection reuse |
| Sandipan Roy | 2023-03-21 13:03:47 UTC | Deadline | 2023-03-20 | |
| Sandipan Roy | 2023-03-21 13:04:12 UTC | Depends On | 2180430, 2180429 | |
| Marian Rehak | 2023-04-03 17:56:58 UTC | Doc Text | A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The settings in questions are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level. | |
| Paige Jung | 2023-04-03 20:18:23 UTC | Doc Text | A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The settings in questions are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level. | A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level. |
| Kazu Yoshida | 2023-04-27 05:14:19 UTC | CC | kyoshida | |
| errata-xmlrpc | 2023-05-09 11:05:39 UTC | Link ID | Red Hat Product Errata RHSA-2023:2650 | |
| errata-xmlrpc | 2023-05-16 10:02:35 UTC | Link ID | Red Hat Product Errata RHSA-2023:3106 | |
| Product Security DevOps Team | 2023-05-18 02:31:33 UTC | Resolution | --- | ERRATA |
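| Product Security DevOps Team | 2023-05-18 02:31:33 UTC | Status | NEW | CLOSED |
| Product Security DevOps Team | 2023-05-18 02:31:33 UTC | Last Closed | 2023-05-18 02:31:33 UTC | |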