[Buildroot] [PATCH 0/2] libcurl: Incorrect fix for CVE-2016-8625
Baruch Siach
baruch at tkos.co.il
Thu Nov 3 12:02:49 UTC 2016
Hi Jeroen,
On Thu, Nov 03, 2016 at 12:28:57PM +0100, Jeroen Roovers wrote:
> On 3 November 2016 at 12:19, Baruch Siach <baruch at tkos.co.il> wrote:
> > I could not find any mention of libidn2 in the CVE-2016-8625 advisor at
> > https://curl.haxx.se/docs/adv_20161102K.html .
>
> Indeed. The commit that switched to libidn2 does mention the advisory.
>
> https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
Please mention that in the libidn to libidn2 commit log.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list