mhashizume
commented
3 months ago This will need to be rebased on main to account for the changes merged in https://github.com/puppetlabs/puppet-runtime/pull/897/
Closed amitkarsale closed 2 months ago
mhashizume
commented
3 months ago This will need to be rebased on main to account for the changes merged in https://github.com/puppetlabs/puppet-runtime/pull/897/
joshcooper
commented
3 months ago Could you update the commit message to specify where the patch came from? Also could you mention that this change is only needed in 7.x and not main because curl 8.9.1 already has the fix (according to https://curl.se/docs/CVE-2024-7264.html)
Patch to fix curl CVE-2024-7264
7.x curl version - 7.88.1 For 7.x patch was inspired from : http://archive.ubuntu.com/ubuntu/pool/main/c/curl/
For main - we have the curl 8.9.1 version for which the fix is already present as per https://curl.se/docs/CVE-2024-7264.html
vanagon-generic-main : https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/3215/
vanagon-generic-7.x : https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/3214/