ID

VAR-202210-1888


CVE

CVE-2022-32221


TITLE

Vulnerability related to resource leakage to the wrong area in cURL from Haxx and in products from other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-023343

DESCRIPTION

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

cURL from Haxx and products from other vendors contain a vulnerability related to leakage of resources to the wrong area. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

==========================================================================
Ubuntu Security Notice USN-5702-1
October 26, 2022

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. (CVE-2022-32221)

Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-35260)

It was discovered that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  curl             7.85.0-1ubuntu0.1
  libcurl3-gnutls  7.85.0-1ubuntu0.1
  libcurl3-nss     7.85.0-1ubuntu0.1
  libcurl4         7.85.0-1ubuntu0.1

Ubuntu 22.04 LTS:
  curl             7.81.0-1ubuntu1.6
  libcurl3-gnutls  7.81.0-1ubuntu1.6
  libcurl3-nss     7.81.0-1ubuntu1.6
  libcurl4         7.81.0-1ubuntu1.6

Ubuntu 20.04 LTS:
  curl             7.68.0-1ubuntu2.14
  libcurl3-gnutls  7.68.0-1ubuntu2.14
  libcurl3-nss     7.68.0-1ubuntu2.14
  libcurl4         7.68.0-1ubuntu2.14

Ubuntu 18.04 LTS:
  curl             7.58.0-2ubuntu3.21
  libcurl3-gnutls  7.58.0-2ubuntu3.21
  libcurl3-nss     7.58.0-2ubuntu3.21
  libcurl4         7.58.0-2ubuntu3.21

In general, a standard system update will make all the necessary changes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: High
     Title: curl: Multiple Vulnerabilities
      Date: December 19, 2022
      Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
        ID: 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background
==========

A command line tool and library for transferring data with URLs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl              < 7.86.0                    >= 7.86.0

Description
===========

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All curl users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References
==========

[ 1 ] CVE-2021-22922
      https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923
      https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925
      https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926
      https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945
      https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946
      https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947
      https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576
      https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774
      https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775
      https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776
      https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779
      https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780
      https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781
      https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782
      https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115
      https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205
      https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206
      https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207
      https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208
      https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221
      https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252
      https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260
      https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915
      https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916
      https://nvd.nist.gov/vuln/detail/CVE-2022-42916

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2023:0333-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0333
Issue date:        2023-01-23
CVE Names:         CVE-2022-32221
====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: POST following PUT confusion (CVE-2022-32221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135411 - CVE-2022-32221 curl: POST following PUT confusion

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
curl-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
curl-debugsource-7.76.1-19.el9_1.1.aarch64.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-devel-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm

ppc64le:
curl-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
curl-debugsource-7.76.1-19.el9_1.1.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-devel-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm

s390x:
curl-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
curl-debugsource-7.76.1-19.el9_1.1.s390x.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
libcurl-devel-7.76.1-19.el9_1.1.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.s390x.rpm

x86_64:
curl-debuginfo-7.76.1-19.el9_1.1.i686.rpm
curl-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
curl-debugsource-7.76.1-19.el9_1.1.i686.rpm
curl-debugsource-7.76.1-19.el9_1.1.x86_64.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.i686.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.i686.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-devel-7.76.1-19.el9_1.1.i686.rpm
libcurl-devel-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.i686.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
curl-7.76.1-19.el9_1.1.src.rpm

aarch64:
curl-7.76.1-19.el9_1.1.aarch64.rpm
curl-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
curl-debugsource-7.76.1-19.el9_1.1.aarch64.rpm
curl-minimal-7.76.1-19.el9_1.1.aarch64.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-minimal-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm

ppc64le:
curl-7.76.1-19.el9_1.1.ppc64le.rpm
curl-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
curl-debugsource-7.76.1-19.el9_1.1.ppc64le.rpm
curl-minimal-7.76.1-19.el9_1.1.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-minimal-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm

s390x:
curl-7.76.1-19.el9_1.1.s390x.rpm
curl-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
curl-debugsource-7.76.1-19.el9_1.1.s390x.rpm
curl-minimal-7.76.1-19.el9_1.1.s390x.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
libcurl-7.76.1-19.el9_1.1.s390x.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
libcurl-minimal-7.76.1-19.el9_1.1.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.s390x.rpm

x86_64:
curl-7.76.1-19.el9_1.1.x86_64.rpm
curl-debuginfo-7.76.1-19.el9_1.1.i686.rpm
curl-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
curl-debugsource-7.76.1-19.el9_1.1.i686.rpm
curl-debugsource-7.76.1-19.el9_1.1.x86_64.rpm
curl-minimal-7.76.1-19.el9_1.1.x86_64.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.i686.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-7.76.1-19.el9_1.1.i686.rpm
libcurl-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.i686.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-minimal-7.76.1-19.el9_1.1.i686.rpm
libcurl-minimal-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.i686.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32221
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY863FNzjgjWX9erEAQiAAw//dy6INDycWYuVSf+awmha/NiyscqDF/9j
OLQzsWlc1OIniV/mkfHOVfcYboe0UkfRIlTQ2hCXzWRMXLq6EwsktkKweGx/5ECj
I7Pbsh8lfH35Vtnyyy5y+wyp816nZHZnb4yjbKMQ43JNr7BJbNbDiAhvfzBnX5Li
ZLGrXrmsxI5WOBHZ2VpjU+r+xt2SErc1C+QPj106qyp04ODYHxF7wKiv4huhJc82
q5tiOq7rS6Z0l4KnwRQuTRrytEzdE35RhkTOvgwq1lKf7mXCh34Rg4txnZ4BlSHj
jW79GgY5WWdvqRK/B4kilKEk1XlfhxNAQtxKtxNPZGAAn2fh4Ehy9BKFNs7Pi+jI
GmnbuoJJCpYHYH+Peatdouyi2dxgC+nvQNqSsUmqCW7yqC+S6jzrUhDajNRi7ENQ
Z3YsuIeD5ET5izFWP/k/yCxE56/xoA7g/V7rzED+JV8rxQdXg3dByct7Y6NCpzqe
m7ZdCir+Z7OJTAI0peP1IlzsZkm0w0w1HEDGSMJvBUnV1AeKjZB57To28cNSTwpw
8Qbvk4wQui+KdZAsdo8qndwg7dnUmg/+kPlFCZzxk/bzXHXV9pnqQ5pNgzrF9oUY
CGjjK20tseR7V3+mdOZykfJcGfQXhlxPPCk5x6qoELWV/sYo0znh6s/vKmFlqiS9
+xFikoTh2xY=
=Y75J
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u5. This update also revises the fix for CVE-2022-27774 released in DSA-5197-1.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPUCUkACgkQEMKTtsN8
TjaA3g/8DBSNCu0gAsoqGfSGx42C4GDMKJBZKiW92bIVKuuJ+1Pq1VQ6msVdmOgC
L/i1YFwFaxqPPQWnQQWBDNXn1oYpkVXop+Yq3ETsiX6bpF0+TCXBZRY9KsuSYyzn
iky7f1ueJAFjqTHWdJ/J5nfSrYSdQ/UIDNKsO2dFTD3uq1W5+qStVAdxnSOh9pMY
5XgMh27urtZttTdyL+no+lRkK2jS2Ru8SgMCCmGsfUn7gFtxHn8Aqd2WEQQ9Asmg
JkBjvZI2hhHqTBc96ZiTYCH6gjQHyGnRrRaZe0nZWyeSFJ8N8mblD1xequma5nPl
Wy5t0kKcOMVr6HvaNDbHLd51WoO9e0htjBmZXdmeEeudvkGKg00d1cPlwWmihege
uaiMHYUR/aCW1wko6FNsJ2yOZDY5iGjNNZHydrokcfB8DV/QGlFLFRXusUdX51bf
ylMCx1vddLTB5NQeQ7q0+eB2Rq5kM0KqdX1gsuq9id5NGSeZR/yjNPPEHbJKu2RF
RridvY1H6kn2mB7YGYDGLjT/hYkoEXrBcrzPXEpBwKzsu4ih1C9eFW8DhK+iPD/U
765dRV/UWIyk8uJHFmqfd4OqvG0ssVxYW5SraeOCVhToiA/vyB1mIOhYMWAitssG
5xQ/DH8+4NQkGAc2Rmh4aQ6hB7QZst1+Ztqgpkcr1fods9de51k=
=EDu7
-----END PGP SIGNATURE-----

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
* libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
* expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
* curl: HSTS bypass via IDN (CVE-2022-42916)
* curl: HTTP proxy double-free (CVE-2022-42915)
* curl: POST following PUT confusion (CVE-2022-32221)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* curl: control code in cookie denial of service (CVE-2022-35252)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: various flaws (CVE-2022-32206 CVE-2022-32208)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bugs fixed (https://bugzilla.redhat.com/):

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
2120718 - CVE-2022-35252 curl: control code in cookie denial of service
2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c
2135411 - CVE-2022-32221 curl: POST following PUT confusion
2135413 - CVE-2022-42915 curl: HTTP proxy double-free
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE
2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

Trust: 2.43

sources: NVD: CVE-2022-32221 // JVNDB: JVNDB-2022-023343 // VULHUB: VHN-424148 // VULMON: CVE-2022-32221 // PACKETSTORM: 169538 // PACKETSTORM: 169535 // PACKETSTORM: 170303 // PACKETSTORM: 170648 // PACKETSTORM: 170777 // PACKETSTORM: 170165 // PACKETSTORM: 173569

AFFECTED PRODUCTS

vendor: debian // model: linux // scope: eq // version: 11.0

Trust: 1.0

vendor: splunk // model: universal forwarder // scope: lt // version: 8.2.12

Trust: 1.0

vendor: netapp // model: h300s // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: h700s // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: h410s // scope: eq // version: -

Trust: 1.0

vendor: haxx // model: curl // scope: lt // version: 7.86.0

Trust: 1.0

vendor: splunk // model: universal forwarder // scope: gte // version: 8.2.0

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 10.0

Trust: 1.0

vendor: splunk // model: universal forwarder // scope: lt // version: 9.0.6

Trust: 1.0

vendor: splunk // model: universal forwarder // scope: eq // version: 9.1.0

Trust: 1.0

vendor: apple // model: macos // scope: lt // version: 12.6.3

Trust: 1.0

vendor: netapp // model: h500s // scope: eq // version: -

Trust: 1.0

vendor: splunk // model: universal forwarder // scope: gte // version: 9.0.0

Trust: 1.0

vendor: netapp // model: clustered data ontap // scope: eq // version: -

Trust: 1.0

vendor: debian // model: gnu/linux // scope: - // version: -

Trust: 0.8

vendor: haxx // model: curl // scope: - // version: -

Trust: 0.8

vendor: netapp // model: h410s // scope: - // version: -

Trust: 0.8

vendor: netapp // model: h700s // scope: - // version: -

Trust: 0.8

vendor: netapp // model: h300s // scope: - // version: -

Trust: 0.8

vendor: netapp // model: h500s // scope: - // version: -

Trust: 0.8

vendor: netapp // model: ontap // scope: - // version: -

Trust: 0.8

vendor: Apple // model: macos // scope: eq // version: 12.6.3

Trust: 0.8

sources: JVNDB: JVNDB-2022-023343 // NVD: CVE-2022-32221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32221
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-32221
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32221
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202210-2214
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-32221
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-32221
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNNVD: CNNVD-202210-2214 // JVNDB: JVNDB-2022-023343 // NVD: CVE-2022-32221 // NVD: CVE-2022-32221

PROBLEMTYPE DATA

problemtype: CWE-668

Trust: 1.1

problemtype: CWE-200

Trust: 1.0

problemtype: Leakage of resources to the wrong area (CWE-668) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-424148 // JVNDB: JVNDB-2022-023343 // NVD: CVE-2022-32221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-2214

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-2214

PATCH

title: HT213605 // url: https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Trust: 0.8

title: curl Security vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=216855

Trust: 0.6

title: Ubuntu Security Notice: USN-5702-2: curl vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5702-2

Trust: 0.1

title: Ubuntu Security Notice: USN-5702-1: curl vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5702-1

Trust: 0.1

title: Red Hat: // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-32221

Trust: 0.1

title: IBM: Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=93e8baf3e9bfd9ab92a05b44368ef244

Trust: 0.1

sources: VULMON: CVE-2022-32221 // CNNVD: CNNVD-202210-2214 // JVNDB: JVNDB-2022-023343

EXTERNAL IDS

db: NVD // id: CVE-2022-32221

Trust: 4.1

db: HACKERONE // id: 1704017

Trust: 2.5

db: OPENWALL // id: OSS-SECURITY/2023/05/17/4

Trust: 2.4

db: PACKETSTORM // id: 170777

Trust: 0.8

db: PACKETSTORM // id: 169535

Trust: 0.8

db: PACKETSTORM // id: 169538

Trust: 0.8

db: JVN // id: JVNVU98195668

Trust: 0.8

db: ICS CERT // id: ICSA-23-131-05

Trust: 0.8

db: JVNDB // id: JVNDB-2022-023343

Trust: 0.8

db: PACKETSTORM // id: 170166

Trust: 0.6

db: AUSCERT // id: ESB-2023.3143

Trust: 0.6

db: AUSCERT // id: ESB-2023.3732

Trust: 0.6

db: AUSCERT // id: ESB-2023.4030

Trust: 0.6

db: AUSCERT // id: ESB-2022.5421

Trust: 0.6

db: AUSCERT // id: ESB-2022.6333

Trust: 0.6

db: CNNVD // id: CNNVD-202210-2214

Trust: 0.6

db: PACKETSTORM // id: 170648

Trust: 0.2

db: PACKETSTORM // id: 170729

Trust: 0.1

db: VULHUB // id: VHN-424148

Trust: 0.1

db: VULMON // id: CVE-2022-32221

Trust: 0.1

db: PACKETSTORM // id: 170303

Trust: 0.1

db: PACKETSTORM // id: 170165

Trust: 0.1

db: PACKETSTORM // id: 173569

Trust: 0.1

sources: VULHUB: VHN-424148 // VULMON: CVE-2022-32221 // PACKETSTORM: 169538 // PACKETSTORM: 169535 // PACKETSTORM: 170303 // PACKETSTORM: 170648 // PACKETSTORM: 170777 // PACKETSTORM: 170165 // PACKETSTORM: 173569 // CNNVD: CNNVD-202210-2214 // JVNDB: JVNDB-2022-023343 // NVD: CVE-2022-32221

REFERENCES

url:https://security.gentoo.org/glsa/202212-01

Trust: 2.6

url:http://seclists.org/fulldisclosure/2023/jan/19

Trust: 2.5

url:http://seclists.org/fulldisclosure/2023/jan/20

Trust: 2.5

url:https://hackerone.com/reports/1704017

Trust: 2.5

url:http://www.openwall.com/lists/oss-security/2023/05/17/4

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20230110-0006/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20230208-0002/

Trust: 1.7

url:https://support.apple.com/kb/ht213604

Trust: 1.7

url:https://support.apple.com/kb/ht213605

Trust: 1.7

url:https://www.debian.org/security/2023/dsa-5330

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 1.5

url:https://access.redhat.com/security/cve/cve-2022-32221

Trust: 1.0

url:https://jvn.jp/vu/jvnvu98195668/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-05

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.3143

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32221/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.4030

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-reuse-after-free-39731

Trust: 0.6

url:https://support.apple.com/en-us/ht213604

Trust: 0.6

url:https://packetstormsecurity.com/files/169538/ubuntu-security-notice-usn-5702-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169535/ubuntu-security-notice-usn-5702-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5421

Trust: 0.6

url:https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6333

Trust: 0.6

url:https://packetstormsecurity.com/files/170777/debian-security-advisory-5330-1.html

Trust: 0.6

url:https://ubuntu.com/security/notices/usn-5702-1

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5702-2

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-43552

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42916

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28614

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26377

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23943

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30522

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23916

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-23916

Trust: 0.1

sources: VULHUB: VHN-424148 // VULMON: CVE-2022-32221 // PACKETSTORM: 169538 // PACKETSTORM: 169535 // PACKETSTORM: 170303 // PACKETSTORM: 170648 // PACKETSTORM: 170777 // PACKETSTORM: 170165 // PACKETSTORM: 173569 // CNNVD: CNNVD-202210-2214 // JVNDB: JVNDB-2022-023343 // NVD: CVE-2022-32221

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 170648 // PACKETSTORM: 170165 // PACKETSTORM: 173569

SOURCES

db: VULHUB // id: VHN-424148
db: VULMON // id: CVE-2022-32221
db: PACKETSTORM // id: 169538
db: PACKETSTORM // id: 169535
db: PACKETSTORM // id: 170303
db: PACKETSTORM // id: 170648
db: PACKETSTORM // id: 170777
db: PACKETSTORM // id: 170165
db: PACKETSTORM // id: 173569
db: CNNVD // id: CNNVD-202210-2214
db: JVNDB // id: JVNDB-2022-023343
db: NVD // id: CVE-2022-32221

LAST UPDATE DATE

2026-04-18T22:33:45.753000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-424148 // date: 2023-03-01T00:00:00
db: CNNVD // id: CNNVD-202210-2214 // date: 2023-07-19T00:00:00
db: JVNDB // id: JVNDB-2022-023343 // date: 2023-11-28T06:56:00
db: NVD // id: CVE-2022-32221 // date: 2026-02-13T20:16:13.200

SOURCES RELEASE DATE

db: VULHUB // id: VHN-424148 // date: 2022-12-05T00:00:00
db: PACKETSTORM // id: 169538 // date: 2022-10-27T13:04:37
db: PACKETSTORM // id: 169535 // date: 2022-10-27T13:03:39
db: PACKETSTORM // id: 170303 // date: 2022-12-19T13:48:31
db: PACKETSTORM // id: 170648 // date: 2023-01-24T16:27:29
db: PACKETSTORM // id: 170777 // date: 2023-01-30T16:25:15
db: PACKETSTORM // id: 170165 // date: 2022-12-08T21:28:21
db: PACKETSTORM // id: 173569 // date: 2023-07-18T13:47:37
db: CNNVD // id: CNNVD-202210-2214 // date: 2022-10-26T00:00:00
db: JVNDB // id: JVNDB-2022-023343 // date: 2023-11-28T00:00:00
db: NVD // id: CVE-2022-32221 // date: 2022-12-05T22:15:10.343