[Buildroot] [PATCH] package/libcurl: security bump to 8.4.0

[Buildroot] [PATCH] package/libcurl: security bump to 8.4.0

[Jan Čermák]

Fixes following two vulnerabilities:

* CVE-2023-38545: SOCKS5 heap buffer overflow
  https://curl.se/docs/CVE-2023-38545.html
* CVE-2023-38546: cookie injection with none file
  https://curl.se/docs/CVE-2023-38546.html

Signed-off-by: Jan Čermák <sairon@sairon.cz>
---
 package/libcurl/libcurl.hash | 4 ++--
 package/libcurl/libcurl.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 371d20a632..ecd5d63909 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.3.0.tar.xz.asc
+# https://curl.se/download/curl-8.4.0.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63  curl-8.3.0.tar.xz
+sha256  16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d  curl-8.4.0.tar.xz
 sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index dd4cf43c6a..bd331a55aa 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 8.3.0
+LIBCURL_VERSION = 8.4.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/libcurl: security bump to 8.4.0

[Peter Korsgaard]

>>>>> "Jan" == Jan Čermák <sairon@sairon.cz> writes:

 > Fixes following two vulnerabilities:
 > * CVE-2023-38545: SOCKS5 heap buffer overflow
 >   https://curl.se/docs/CVE-2023-38545.html
 > * CVE-2023-38546: cookie injection with none file
 >   https://curl.se/docs/CVE-2023-38546.html

 > Signed-off-by: Jan Čermák <sairon@sairon.cz>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/libcurl: security bump to 8.4.0

[Peter Korsgaard]

>>>>> "Jan" == Jan Čermák <sairon@sairon.cz> writes:

 > Fixes following two vulnerabilities:
 > * CVE-2023-38545: SOCKS5 heap buffer overflow
 >   https://curl.se/docs/CVE-2023-38545.html
 > * CVE-2023-38546: cookie injection with none file
 >   https://curl.se/docs/CVE-2023-38546.html

 > Signed-off-by: Jan Čermák <sairon@sairon.cz>

Committed to 2023.02.x and 2023.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot