starlingx
/
tools
Code Issues Proposed changes

curl: Upgrade to 7.74.0-1.3+deb11u11 

Upgrade subpackages curl|libcurl3-gnutls|libcurl4|libcurl4-gnutls-dev
|libcurl4-openssl-dev to 7.74.0-1.3+deb11u11 to fix the CVE issue
CVE-2023-46218.

Refer to:
https://www.debian.org/security/2023/dsa-5587
https://www.tenable.com/plugins/nessus/187288
https://nvd.nist.gov/vuln/detail/CVE-2023-46218

TestPlan:
PASS: downloader; build-pkgs; build-image
PASS: Jenkins Installation

Closes-Bug: 2047316

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: Idbb9e6767a7982207c7de7fc19fce890bc91f6da
This commit is contained in:
Zhixiong Chi 2023-12-24 22:39:15 -08:00
parent 7133843f58
commit fcf426cf15
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
debian-mirror-tools/config/debian/common/base-bullseye.lst
View File

@ -54,7 +54,7 @@ cpp 4:10.2.1-1
cracklib-runtime 2.9.6-3.4
cron 3.0pl1-137
cryptsetup-bin 2:2.3.7-1+deb11u1
curl 7.74.0-1.3+deb11u10 https://snapshot.debian.org/archive/debian-security/20231011T065856Z/pool/updates/main/c/curl/curl_7.74.0-1.3%2Bdeb11u10_amd64.deb
curl 7.74.0-1.3+deb11u11 https://snapshot.debian.org/archive/debian-security/20231224T011632Z/pool/updates/main/c/curl/curl_7.74.0-1.3%2Bdeb11u11_amd64.deb
dash 0.5.11+git20200708+dd9ef66-5
dbconfig-common 2.0.19
dbus 1.12.28-0+deb11u1 https://snapshot.debian.org/archive/debian/20230625T033524Z/pool/main/d/dbus/dbus_1.12.28-0%2Bdeb11u1_amd64.deb
@ -306,10 +306,10 @@ libcryptsetup12 2:2.3.7-1+deb11u1
libctf0 2.35.2-2
libctf-nobfd0 2.35.2-2
libcups2 2.3.3op2-3+deb11u6 https://snapshot.debian.org/archive/debian/20231006T090846Z/pool/main/c/cups/libcups2_2.3.3op2-3%2Bdeb11u6_amd64.deb
libcurl3-gnutls 7.74.0-1.3+deb11u10 https://snapshot.debian.org/archive/debian-security/20231011T065856Z/pool/updates/main/c/curl/libcurl3-gnutls_7.74.0-1.3%2Bdeb11u10_amd64.deb
libcurl4 7.74.0-1.3+deb11u10 https://snapshot.debian.org/archive/debian-security/20231011T065856Z/pool/updates/main/c/curl/libcurl4_7.74.0-1.3%2Bdeb11u10_amd64.deb
libcurl4-gnutls-dev 7.74.0-1.3+deb11u10 https://snapshot.debian.org/archive/debian-security/20231011T065856Z/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.74.0-1.3%2Bdeb11u10_amd64.deb
libcurl4-openssl-dev 7.74.0-1.3+deb11u10 https://snapshot.debian.org/archive/debian-security/20231011T065856Z/pool/updates/main/c/curl/libcurl4-openssl-dev_7.74.0-1.3%2Bdeb11u10_amd64.deb
libcurl3-gnutls 7.74.0-1.3+deb11u11 https://snapshot.debian.org/archive/debian-security/20231224T011632Z/pool/updates/main/c/curl/libcurl3-gnutls_7.74.0-1.3%2Bdeb11u11_amd64.deb
libcurl4 7.74.0-1.3+deb11u11 https://snapshot.debian.org/archive/debian-security/20231224T011632Z/pool/updates/main/c/curl/libcurl4_7.74.0-1.3%2Bdeb11u11_amd64.deb
libcurl4-gnutls-dev 7.74.0-1.3+deb11u11 https://snapshot.debian.org/archive/debian-security/20231224T011632Z/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.74.0-1.3%2Bdeb11u11_amd64.deb
libcurl4-openssl-dev 7.74.0-1.3+deb11u11 https://snapshot.debian.org/archive/debian-security/20231224T011632Z/pool/updates/main/c/curl/libcurl4-openssl-dev_7.74.0-1.3%2Bdeb11u11_amd64.deb
libncursesw5-dev 6.2+20201114-2+deb11u2 https://snapshot.debian.org/archive/debian/20230726T151952Z/pool/main/n/ncurses/libncursesw5-dev_6.2%2B20201114-2%2Bdeb11u2_amd64.deb
libncurses5-dev 6.2+20201114-2+deb11u2 https://snapshot.debian.org/archive/debian/20230726T151952Z/pool/main/n/ncurses/libncurses5-dev_6.2%2B20201114-2%2Bdeb11u2_amd64.deb
libncurses-dev 6.2+20201114-2+deb11u2 https://snapshot.debian.org/archive/debian/20230726T151952Z/pool/main/n/ncurses/libncurses-dev_6.2%2B20201114-2%2Bdeb11u2_amd64.deb