NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libcurl: bump version to 7.51.0 (security)

Browse Source 
List of fixed CVEs:

CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Full ChangeLog:

https://curl.haxx.se/changes.html#7_51_0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is contained in:
Vicente Olivert Riera 2016-11-02 11:52:31 +00:00 committed by Thomas Petazzoni
parent dac9e45b5f
commit afdb102bd5
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/libcurl/libcurl.hash
View File

@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 7b7347d976661d02c84a1f4d6daf40dee377efdc45b9e2c77dedb8acf140d8ec curl-7.50.3.tar.bz2
sha256 7f8240048907e5030f67be0a6129bc4b333783b9cca1391026d700835a788dde curl-7.51.0.tar.bz2

2
package/libcurl/libcurl.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.50.3
LIBCURL_VERSION = 7.51.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \