[Buildroot] [PATCH] libcurl: bump version to 7.51.0 (security)

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Wed Nov 2 16:25:55 UTC 2016


Hello,

On Wed, 2 Nov 2016 11:52:31 +0000, Vicente Olivert Riera wrote:
> List of fixed CVEs:
> 
> CVE-2016-8615: cookie injection for other servers
> CVE-2016-8616: case insensitive password comparison
> CVE-2016-8617: OOB write via unchecked multiplication
> CVE-2016-8618: double-free in curl_maprintf
> CVE-2016-8619: double-free in krb5 code
> CVE-2016-8620: glob parser write/read out of bounds
> CVE-2016-8621: curl_getdate read out of bounds
> CVE-2016-8622: URL unescape heap overflow via integer truncation
> CVE-2016-8623: Use-after-free via shared cookies
> CVE-2016-8624: invalid URL parsing with '#'
> CVE-2016-8625: IDNA 2003 makes curl use wrong host
> 
> Full ChangeLog:
> 
> https://curl.haxx.se/changes.html#7_51_0
> 
> Signed-off-by: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
> ---
>  package/libcurl/libcurl.hash | 2 +-
>  package/libcurl/libcurl.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com


