AVG-1756 log
| Package | lib32-libcurl-compat |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 7.75.0-1 |
| Fixed | 7.76.0-1 |
| Current | 8.7.1-4 [multilib] |
| Ticket | None |
| Created | Wed Mar 31 08:16:23 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22890 | High | Yes | Authentication bypass | Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a... |
| CVE-2021-22876 | Medium | Yes | Information disclosure | libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and... |