[Buildroot] [PATCH] libcurl: security bump to version 7.59.0

Peter Korsgaard peter at korsgaard.com
Fri Mar 16 09:34:51 UTC 2018


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > CVE-2018-1000120: curl could be fooled into writing a zero byte out of
 > bounds when curl is told to work on an FTP URL with the setting to only
 > issue a single CWD command, if the directory part of the URL contains a
 > "%00" sequence.

 > https://curl.haxx.se/docs/adv_2018-9cd6.html

 > CVE-2018-1000121: curl might dereference a near-NULL address when
 > getting an LDAP URL.

 > https://curl.haxx.se/docs/adv_2018-97a2.html

 > CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
 > calculate a wrong data length to copy from the read buffer.

 > https://curl.haxx.se/docs/adv_2018-b047.html

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list