AVG-795 log

Package curl
Status Fixed
Severity High
Type multiple issues
Affected 7.61.1-3
Fixed 7.62.0-1
Current 8.7.1-3 [core-testing]
8.6.0-4 [core]
Ticket None
Created Wed Oct 31 09:35:54 2018
Issue Severity Remote Type Description
CVE-2018-16842 Medium Yes Information disclosure
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information...
CVE-2018-16840 High Yes Arbitrary code execution
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up...
Date Advisory Package Type
06 Nov 2018 ASA-201811-4 curl multiple issues