[Buildroot] [PATCH] libcurl: security bump to version 7.42.0
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Thu Apr 23 07:47:27 UTC 2015
Dear Gustavo Zacarias,
On Thu, 23 Apr 2015 02:46:07 -0300, Gustavo Zacarias wrote:
> Fixes:
> CVE-2015-3144 - host name out of boundary memory access
> CVE-2015-3145 - cookie parser out of boundary memory access
> CVE-2015-3148 - Negotiate not treated as connection-oriented
> CVE-2015-3143 - Re-using authenticated connection when unauthenticated
>
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> ---
> ...1-connectionexists-fix-build-without-NTLM.patch | 54 ++++++++++++++++++++++
> ...connectionexists-follow-up-to-fd9d3a1ef1f.patch | 48 +++++++++++++++++++
> package/libcurl/libcurl.hash | 2 +-
> package/libcurl/libcurl.mk | 2 +-
> 4 files changed, 104 insertions(+), 2 deletions(-)
> create mode 100644 package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch
> create mode 100644 package/libcurl/0002-connectionexists-follow-up-to-fd9d3a1ef1f.patch
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list