projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 45cf64c) | patch
libcurl: security bump to version 7.60.0
authorBaruch Siach <baruch@tkos.co.il>
Fri, 18 May 2018 03:00:36 +0000 (06:00 +0300)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 19 May 2018 11:47:21 +0000 (13:47 +0200)
commit051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed
treef0eaee6b8778d1cdac0f882f2459765374ff0131tree
parent45cf64ca0c0070151e4321e218e20cae5d730797commit | diff
libcurl: security bump to version 7.60.0

Drop upstream patch.

This release fixes the security issues listed below.

CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.

  https://curl.haxx.se/docs/adv_2018-82c2.html

CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.

  https://curl.haxx.se/docs/adv_2018-b138.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libcurl/0001-openssl-fix-build-with-LibreSSL-2.7.patch [deleted file] blob | history
package/libcurl/libcurl.hash diff | blob | history
package/libcurl/libcurl.mk diff | blob | history