AVG-2387 log
| Package | lib32-libcurl-compat |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 7.78.0-1 |
| Fixed | 7.79.0-1 |
| Current | 8.16.0-1 [multilib] |
| Ticket | None |
| Created | Wed Sep 15 08:03:25 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22947 | Medium | Yes | Man-in-the-middle | A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7.79.0. When curl connects to an IMAP, POP3, SMTP or FTP server to... |
| CVE-2021-22946 | Medium | Yes | Silent downgrade | A security issue was found in curl before 7.79.0. A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server... |
| CVE-2021-22945 | High | Yes | Arbitrary code execution | A use-after-free security issue has been found in the MQTT sending component of curl before 7.79.0. When sending data to an MQTT server, libcurl could in... |