Issue #1404: [curl] CVE-2023-38545 curl: a heap based buffer overflow in the SOCKS5 proxy handshake [fedora-all] | rhbz#2243182 - blocker-review

fedora-qa / blocker-review

#1404 [curl] CVE-2023-38545 curl: a heap based buffer overflow in the SOCKS5 proxy handshake [fedora-all] | rhbz#2243182

Closed Nov 7, 2023 by blockerbot. Opened Oct 11, 2023 by blockerbot.

Bug details: ** https://bugzilla.redhat.com/show_bug.cgi?id=2243182 **
Information from BlockerBugs App:
2243182

Current vote summary

Accepted FinalBlocker (+8, 0, -0)
- +1 by frantisekz, kparal, thebeanogamer, pbrobinson, ngompa, sumantrom, zbyszek, adamwill

The votes have been last counted at 2023-10-11 16:12 UTC and the last processed comment was #comment-878274

To learn how to vote, see:
https://pagure.io/fedora-qa/blocker-review
A quick example: BetaBlocker +1 (where the tracker name is one of BetaBlocker/FinalBlocker/BetaFE/FinalFE/0Day/PreviousRelease and the vote is one of +1/0/-1)

frantisekz commented Oct 11, 2023

FinalBlocker +1

https://access.redhat.com/security/cve/CVE-2023-38545

"The release must contain no known security bugs of 'important' or higher impact according to the Red Hat severity classification scale which cannot be satisfactorily resolved by a package update (e.g. issues during installation)."

kparal commented Oct 11, 2023

FinalBlocker +1
per https://fedoraproject.org/wiki/Fedora_39_Final_Release_Criteria#Security_bugs

thebeanogamer commented Oct 11, 2023

FinalBlocker +1

pbrobinson commented Oct 11, 2023

FinalBlocker +1

ngompa commented Oct 11, 2023

FinalBlocker +1

sumantrom commented Oct 11, 2023

FinalBlocker +1

zbyszek commented Oct 11, 2023

FinalBlocker +1