From: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] libcurl: bump version to 7.51.0 (security)
Date: Wed, 2 Nov 2016 11:52:31 +0000 [thread overview]
Message-ID: <20161102115231.1289-1-Vincent.Riera@imgtec.com> (raw)
List of fixed CVEs:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Full ChangeLog:
https://curl.haxx.se/changes.html#7_51_0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
---
package/libcurl/libcurl.hash | 2 +-
package/libcurl/libcurl.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index e2f2ecd..e128335 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 7b7347d976661d02c84a1f4d6daf40dee377efdc45b9e2c77dedb8acf140d8ec curl-7.50.3.tar.bz2
+sha256 7f8240048907e5030f67be0a6129bc4b333783b9cca1391026d700835a788dde curl-7.51.0.tar.bz2
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 32a3022..d60000a 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.50.3
+LIBCURL_VERSION = 7.51.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
--
2.10.1
next reply other threads:[~2016-11-02 11:52 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-02 11:52 Vicente Olivert Riera [this message]
2016-11-02 16:25 ` [Buildroot] [PATCH] libcurl: bump version to 7.51.0 (security) Thomas Petazzoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161102115231.1289-1-Vincent.Riera@imgtec.com \
--to=vincent.riera@imgtec.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox