gnurl CVE applicability

gnunet-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnurl CVE applicability

From:	Nikita Ronja Gillmann
Subject:	gnurl CVE applicability
Date:	Mon, 4 Apr 2022 16:47:34 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0

Hi,

finishing the gnunet package for pkgsrc might require merging back theinactive gnurl into the pkgsrc tree from pkgsrc-wip.

I've looked at the current CVEs for curl, and I have open questions for2 of them. Could someone take a look at them and tell me if they applyin the context of how gnunet makes use of gnurl?I guess the 2 CVEs aren't applicable in our context, but I'd like to besure before I decide if I merge it back or not, or if I let the securityteam add an CVE to our security db.


https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=blob_plain;f=gnurl/gnurl-CVEs;h=190a57f1d3e672ae53a1ee8f799ab0068d94b1a0;hb=HEAD

https://curl.se/docs/CVE-2021-22924.html
https://curl.se/docs/CVE-2021-22890.html

Thanks!

[Prev in Thread]

Current Thread

[Next in Thread]

gnurl CVE applicability, Nikita Ronja Gillmann <=
- Re: gnurl CVE applicability, Christian Grothoff, 2022/04/04
  - Re: gnurl CVE applicability, Nikita Ronja Gillmann, 2022/04/04
    - Re: gnurl CVE applicability, Christian Grothoff, 2022/04/04
    - Re: gnurl CVE applicability, Schanzenbach, Martin, 2022/04/04
    - Re: gnurl CVE applicability, Nikita Ronja Gillmann, 2022/04/04
    - Re: gnurl CVE applicability, Mikhail, 2022/04/04
    - Re: gnurl CVE applicability, Schanzenbach, Martin, 2022/04/04

Prev by Date: Re: openbsd - gnunet warnings in logs
Next by Date: Re: gnurl CVE applicability
Previous by thread: openbsd - gnunet warnings in logs
Next by thread: Re: gnurl CVE applicability
Index(es):
- Date
- Thread