Patrick Monnerat discovered that Curl's support for chained HTTP compression algorithms was susceptible to denial of service. For the stable distribution (bullseye), this problem has been fixed in version 7.74.0-1.3+deb11u7. This update also fixes a regression in the previously released fix for CVE-2022-27774. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Patrick Monnerat discovered that Curl's support for chained
HTTP
compression algorithms was susceptible to denial of service.
For the stable distribution (bullseye), this problem has been fixed in version 7.74.0-1.3+deb11u7. This update also fixes a regression in the previously released fix for CVE-2022-27774.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl