CVE-2023-27534 (!21) · Merge requests · Debian / curl · GitLab

Bastien Roucariès requested to merge rouca/curl:debian/buster into debian/buster Jan 29, 2024

Hi

Can you review and merge this MR ?

I think this is correct but could you check the indexes ?

I can also backport dybuf as incomplete fix from suse but it is for me too much

https://build.opensuse.org/package/view_file/SUSE:SLE-12-SP5:Update/curl.28249/curl-CVE-2023-27534-dynbuf.patch?expand=1

https://build.opensuse.org/package/view_file/SUSE:SLE-12-SP5:Update/curl.28249/curl-CVE-2023-27534.patch?expand=1

It fix CVE-2023-27534

Thanks

@roberto can you get a glimpse ?