NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
984bd5a94d
kumquat-buildroot/package/libcurl/libcurl.hash
Gustavo Zacarias d71a51d0e5 libcurl: security bump to version 7.40.0 
Fixes:
CVE-2014-8150 - When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be
sent along to the proxy too, which allows the program to for example
send a separate HTTP request injected embedded in the URL.

CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session
ID cache when it connects to TLS servers. In subsequent connects it
re-uses the entry in the cache to resume the TLS connection faster than
when doing a full TLS handshake. The actual implementation for the
Session ID caching varies depending on the underlying TLS backend.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-08 19:19:15 +01:00

3 lines
142 B
Plaintext
Raw Blame History

# Locally calculated after checking pgp signature
sha256 899109eb3900fa6b8a2f995df7f449964292776a04763e94fae640700f883fba curl-7.40.0.tar.bz2
Reference in New Issue View Git Blame Copy Permalink