projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d67e592) | patch
libcurl: security bump to version 7.40.0
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Thu, 8 Jan 2015 17:29:16 +0000 (14:29 -0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thu, 8 Jan 2015 18:19:15 +0000 (19:19 +0100)
commitd71a51d0e5768bcc88e90add609fdb02f72c9fb0
treec0b877a29872135f07db951249179942e0c61b81tree
parentd67e592ee67c5e27ee39a45c7b67a98aebbef3accommit | diff
libcurl: security bump to version 7.40.0

Fixes:
CVE-2014-8150 - When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be
sent along to the proxy too, which allows the program to for example
send a separate HTTP request injected embedded in the URL.

CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session
ID cache when it connects to TLS servers. In subsequent connects it
re-uses the entry in the cache to resume the TLS connection faster than
when doing a full TLS handshake. The actual implementation for the
Session ID caching varies depending on the underlying TLS backend.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/libcurl/libcurl.hash diff | blob | history
package/libcurl/libcurl.mk diff | blob | history