Back to bug 2179092
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2023-03-16 15:57:09 UTC | CC | security-response-team | |
| Marian Rehak | 2023-03-16 15:57:34 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Marian Rehak | 2023-03-16 16:21:29 UTC | Depends On | 2179120, 2179118, 2179122 | |
| Sandipan Roy | 2023-03-21 13:04:02 UTC | Deadline | 2023-03-20 | |
| Group | security, qe_staff | |||
| Summary | EMBARGOED CVE-2023-27536 curl: GSS delegation too eager connection re-use | CVE-2023-27536 curl: GSS delegation too eager connection re-use | ||
| Sandipan Roy | 2023-03-21 13:04:29 UTC | Depends On | 2180432, 2180431 | |
| Marian Rehak | 2023-03-31 13:58:29 UTC | Severity | low | medium |
| Priority | low | medium | ||
| Marian Rehak | 2023-04-03 17:55:51 UTC | Doc Text | A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers. | |
| Paige Jung | 2023-04-03 20:25:17 UTC | Doc Text | A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers. | A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers. |
| Kazu Yoshida | 2023-04-27 05:12:13 UTC | CC | kyoshida | |
| Product Security DevOps Team | 2023-06-08 06:16:58 UTC | Flags | needinfo?(security-response-team) | |
| CC | dbodnarc | |||
| Flags | needinfo?(security-response-team) | needinfo?(mrehak) | ||
| RHEL Program Management Team | 2023-06-08 13:35:14 UTC | Depends On | 2213541 | |
| Marian Rehak | 2023-06-12 11:21:07 UTC | Flags | needinfo?(mrehak) | |
| Red Hat Bugzilla | 2023-07-07 08:28:41 UTC | Assignee | security-response-team | nobody |
| CC | security-response-team | |||
| errata-xmlrpc | 2023-08-08 08:19:57 UTC | Link ID | Red Hat Product Errata RHSA-2023:4523 |
Back to bug 2179092