From afdb102bd5a9bc35dde2fe0309da88f0d89210d3 Mon Sep 17 00:00:00 2001 From: Vicente Olivert Riera Date: Wed, 2 Nov 2016 11:52:31 +0000 Subject: [PATCH] libcurl: bump version to 7.51.0 (security) List of fixed CVEs: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host Full ChangeLog: https://curl.haxx.se/changes.html#7_51_0 Signed-off-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni --- package/libcurl/libcurl.hash | 2 +- package/libcurl/libcurl.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index e2f2ecd109..e1283350cc 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,2 +1,2 @@ # Locally calculated after checking pgp signature -sha256 7b7347d976661d02c84a1f4d6daf40dee377efdc45b9e2c77dedb8acf140d8ec curl-7.50.3.tar.bz2 +sha256 7f8240048907e5030f67be0a6129bc4b333783b9cca1391026d700835a788dde curl-7.51.0.tar.bz2 diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 32a3022ca5..d60000aaed 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.50.3 +LIBCURL_VERSION = 7.51.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2 LIBCURL_SITE = http://curl.haxx.se/download LIBCURL_DEPENDENCIES = host-pkgconf \ -- 2.30.2
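Review bot: in package/libcurl/libcurl.hash, the retained comment "# Locally calculated after checking pgp signature" does not say which signature file or signing key was checked, so a reviewer cannot re-verify the new sha256 for curl-7.51.0.tar.bz2 from the patch alone. Consider recording the signature URL, and ideally the key fingerprint, in the comment next to the hash. This matters more than usual for a bump whose stated purpose is to fix eleven CVEs.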
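Review bot: in package/libcurl/libcurl.mk, the unchanged context line "LIBCURL_SITE = http://curl.haxx.se/download" still fetches the tarball over plain HTTP, while the commit message links the ChangeLog on the same host over https. The sha256 in libcurl.hash will catch a tampered download, but switching LIBCURL_SITE to https as part of this security bump would keep the integrity of the fetch from resting on the hash check alone.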