<patchinfo incident="30">
  <!-- generated from request(s) 339850 -->
  <issue tracker="bnc" id="1221665">VUL-0: CVE-2024-2004: curl: Usage of disabled protocol</issue>
  <issue tracker="bnc" id="1221666">VUL-0: CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL</issue>
  <issue tracker="bnc" id="1221667">VUL-0: CVE-2024-2398: curl: HTTP/2 push headers memory-leak</issue>
  <issue tracker="bnc" id="1221668">VUL-0: CVE-2024-2466: curl: TLS certificate check bypass with mbedTLS</issue>
  <issue tracker="bnc" id="1227888">VUL-0: CVE-2024-6197: curl: freeing stack buffer in utf8asn1str</issue>
  <issue tracker="bnc" id="1228535">VUL-0: CVE-2024-7264: curl: ASN.1 date parser overread</issue>
  <issue tracker="cve" id="2024-2004"/>
  <issue tracker="cve" id="2024-2379"/>
  <issue tracker="cve" id="2024-2398"/>
  <issue tracker="cve" id="2024-2466"/>
  <issue tracker="cve" id="2024-6197"/>
  <issue tracker="cve" id="2024-7264"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for curl</summary>
  <description>This update for curl fixes the following issues:

Security issues fixed:

- CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
- CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
- CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)

Non-security issue fixed:

- Fixed various TLS related issues including FTP over SSL transmission timeouts.
</description>
  <package>curl</package>
  <seperate_build_arch/>
</patchinfo>