[Deepin Integration]~[V23-Beta3] integrate curl 8.3.0-2deepin1 by UTsweetyfish #5846

Closed
deepin-bot bot opened this issue Oct 11, 2023 · 3 comments
Labels: Project:integrated, Integration management (集成管理相关), Wu Bo (吴波)
deepin-bot bot commented Oct 11, 2023

Package information

Package name Version
curl 8.3.0-2deepin1

Package repository address

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-559/testing/ ./

Changelog

curl (8.3.0-2deepin1) unstable; urgency=medium

Test suggestion

Fixes CVE-2023-38545

Influence

Beta 2 ships 7.79 and is affected.

ADDITIONAL INFORMATION

deepin-bot bot commented Oct 11, 2023

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#559

@babyfengfjx babyfengfjx removed their assignment Oct 12, 2023
@babyfengfjx babyfengfjx added the Wu Bo (吴波) label Oct 12, 2023
@babyfengfjx babyfengfjx moved this from In progress to Testing in v23 Integration Management Oct 12, 2023
@babyfengfjx

@kobe337 Please verify this together with #5268.

kobe337 commented Oct 12, 2023

CVE-2023-38545
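Official information: https://curl.se/docs/CVE-2023-38545.html
Official patch fix: curl/curl@fb4415d8aee6c1

[Environment]:
Image: https://cdimage.uniontech.com/community/releases/23-Beta2/
Repository: deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-559/testing/ ./
Kernel: Linux deepin-PC 6.1.32-amd64-desktop-hwe #23.01.00.20 SMP PREEMPT_DYNAMIC Mon Sep 11 14:16:03 CST 2023 x86_64 GNU/Linux
[Conclusion]:
Test passed; no serious problems or impact so far.

Source patch fix file
(image: curl cve)

Official patch fix code
(image)

Upstream provided several remediation options for the vulnerability. After discussing with the development colleagues, and based on the current environment, the patch option was chosen. It has been checked against the official fix code and the vulnerability is confirmed fixed. The fix works by adding a length check on the data injected into the buffer.

curl functions normally
(image)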

@kobe337 kobe337 moved this from Testing to Test passed in v23 Integration Management Oct 12, 2023
@Zeno-sole Zeno-sole moved this from Test passed to Integrated in v23 Integration Management Oct 12, 2023
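
The fix principle named in the test report above (a length check before data is written into the buffer), as an added example that is not part of the original thread and is not curl's patch code. CVE-2023-38545 concerns curl's SOCKS5 handshake, so the sketch builds a SOCKS5 CONNECT request per RFC 1928, whose hostname length field is a single byte; the function, enum and constant names are hypothetical and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1928: the DOMAINNAME length is one octet, so 255 is the hard limit. */
#define SOCKS5_MAX_HOSTNAME 255

enum socks5_rc { SOCKS5_OK = 0, SOCKS5_BAD_HOSTNAME = -1, SOCKS5_BUF_TOO_SMALL = -2 };

/* Hypothetical helper: build a SOCKS5 CONNECT request (ATYP = domain name)
 * in out[0..outlen). Both length checks run before any byte is written. */
int socks5_build_connect(const char *host, uint16_t port,
                         unsigned char *out, size_t outlen, size_t *written)
{
    size_t hlen = strlen(host);
    size_t need = 4 + 1 + hlen + 2;   /* header + length octet + name + port */

    *written = 0;
    if (hlen == 0 || hlen > SOCKS5_MAX_HOSTNAME)
        return SOCKS5_BAD_HOSTNAME;   /* fail; never truncate or fall through */
    if (need > outlen)
        return SOCKS5_BUF_TOO_SMALL;  /* caller's buffer cannot hold the request */

    out[0] = 5;                       /* VER */
    out[1] = 1;                       /* CMD: CONNECT */
    out[2] = 0;                       /* RSV */
    out[3] = 3;                       /* ATYP: DOMAINNAME */
    out[4] = (unsigned char)hlen;     /* safe: hlen <= 255 was checked above */
    memcpy(out + 5, host, hlen);
    out[5 + hlen] = (unsigned char)(port >> 8);   /* port, network byte order */
    out[6 + hlen] = (unsigned char)(port & 0xff);
    *written = need;
    return SOCKS5_OK;
}

int main(void)
{
    unsigned char buf[64];            /* constructed sample buffer */
    char longhost[301];               /* constructed 300-byte hostname */
    size_t n;

    memset(longhost, 'a', 300);
    longhost[300] = '\0';
    printf("short: rc=%d ", socks5_build_connect("example.com", 443, buf, sizeof buf, &n));
    printf("len=%zu\n", n);
    printf("long:  rc=%d ", socks5_build_connect(longhost, 443, buf, sizeof buf, &n));
    printf("len=%zu\n", n);
    return 0;
}
```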