Closed ellert closed 1 year ago
Hello,
Thank you for doing that! I'll end up applying the same EPEL fix during the CMake BuildCurlBundled target.
For this repository, I don't want to apply it via a specfile patch as it will do it on all platforms.
Thanks again for handling this on EPEL!
Cheers, Mihai
Thank you again for reporting and patching this for EPEL. The issue has been addressed here as well.
The next Davix release (v0.8.4) brings the fix for both the upstream and the EPEL version.
Cheers, Mihai
https://curl.se/docs/CVE-2022-32221.html
Affected versions: libcurl 7.7 to and including 7.85.0
Not affected versions: libcurl < 7.7 and >= 7.86.0
davix bundles 7.69.0
The bundled library is used in the EPEL 7 and EPEL 8 builds, because the system version is too old. EPEL 9 and Fedora use the system version.
I have backported the commit fixing the CVE (a one line patch) to the packages in EPEL 7 and EPEL 8.
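
An added example, not part of the original thread or of davix: a small scanner that finds vendored `curlver.h` headers in a source tree and reports whether the bundled libcurl version falls in the range the advisory lists. The sample directory names are constructed. A version hit only means the copy needs checking, since a backported fix like the one described above leaves the version string at 7.69.0.

```python
import re
import tempfile
from pathlib import Path

# Range quoted in the thread from the curl advisory for CVE-2022-32221.
FIRST_AFFECTED = (7, 7, 0)
LAST_AFFECTED = (7, 85, 0)

# Matches: #define LIBCURL_VERSION "7.69.0"  (also "7.7" or "7.87.0-DEV")
VERSION_RE = re.compile(
    r'^\s*#\s*define\s+LIBCURL_VERSION\s+"(\d+)\.(\d+)(?:\.(\d+))?[^"]*"', re.M
)


def parse_curlver(text):
    """Return (major, minor, patch) from a curlver.h body, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(version):
    """True when the version tuple lies in the advisory's affected range."""
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


def scan_tree(root):
    """Return [(relative path, version, affected)] for each curlver.h under root."""
    results = []
    for header in sorted(Path(root).rglob("curlver.h")):
        version = parse_curlver(header.read_text(errors="replace"))
        if version is not None:
            rel = str(header.relative_to(root))
            results.append((rel, version, in_affected_range(version)))
    return results


def demo():
    # Constructed sample tree; "bundled-a" and "bundled-b" are hypothetical names.
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("bundled-a", "7.69.0"), ("bundled-b", "7.86.0")):
            d = Path(tmp, name, "include", "curl")
            d.mkdir(parents=True)
            (d / "curlver.h").write_text(f'#define LIBCURL_VERSION "{ver}"\n')
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, version, affected in demo():
        state = "in affected range" if affected else "outside affected range"
        print(path, ".".join(map(str, version)), state)
```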