{"affected":[{"ecosystem_specific":{"binaries":[{"curl":"7.66.0-4.17.1","curl-mini":"7.66.0-4.17.1","libcurl-devel":"7.66.0-4.17.1","libcurl-devel-32bit":"7.66.0-4.17.1","libcurl-mini-devel":"7.66.0-4.17.1","libcurl4":"7.66.0-4.17.1","libcurl4-32bit":"7.66.0-4.17.1","libcurl4-mini":"7.66.0-4.17.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"curl","purl":"pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.66.0-4.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"curl":"7.66.0-4.17.1","curl-mini":"7.66.0-4.17.1","libcurl-devel":"7.66.0-4.17.1","libcurl-devel-32bit":"7.66.0-4.17.1","libcurl-mini-devel":"7.66.0-4.17.1","libcurl4":"7.66.0-4.17.1","libcurl4-32bit":"7.66.0-4.17.1","libcurl4-mini":"7.66.0-4.17.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"curl-mini","purl":"pkg:rpm/opensuse/curl-mini&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.66.0-4.17.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for curl fixes the following issues:\n\n- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).\n- Allow partial chain verification [jsc#SLE-17956]\n  * Have intermediate certificates in the trust store be treated\n    as trust-anchors, in the same way as self-signed root CA\n    certificates are. This allows users to verify servers using\n    the intermediate cert only, instead of needing the whole chain.\n  * Set FLAG_TRUSTED_FIRST unconditionally.\n  * Do not check partial chains with CRL check.\n","id":"openSUSE-SU-2021:1762-1","modified":"2021-07-10T16:41:42Z","published":"2021-07-10T16:41:42Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OBJDOC5P7XCTDSENHRNLNXYRSHFI4CYU/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186114"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22898"}],"related":["CVE-2021-22898"],"summary":"Security update for curl","upstream":["CVE-2021-22898"]}