[Buildroot] [PATCH] libcurl: security bump to version 7.60.0
Peter Korsgaard
peter at korsgaard.com
Mon Jun 11 21:12:53 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Drop upstream patch.
> This release fixes the security issues listed below.
> CVE-2018-1000300: curl might overflow a heap based memory buffer when
> closing down an FTP connection with very long server command replies.
> https://curl.haxx.se/docs/adv_2018-82c2.html
> CVE-2018-1000301: curl can be tricked into reading data beyond the end
> of a heap based buffer used to store downloaded content.
> https://curl.haxx.se/docs/adv_2018-b138.html
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list