[Buildroot] [PATCH] libcurl: security bump to version 7.59.0
Peter Korsgaard
peter at korsgaard.com
Fri Mar 16 09:34:51 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> CVE-2018-1000120: curl could be fooled into writing a zero byte out of
> bounds when curl is told to work on an FTP URL with the setting to only
> issue a single CWD command, if the directory part of the URL contains a
> "%00" sequence.
> https://curl.haxx.se/docs/adv_2018-9cd6.html
> CVE-2018-1000121: curl might dereference a near-NULL address when
> getting an LDAP URL.
> https://curl.haxx.se/docs/adv_2018-97a2.html
> CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
> calculate a wrong data length to copy from the read buffer.
> https://curl.haxx.se/docs/adv_2018-b047.html
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list