[Buildroot] [PATCH 0/2] libcurl: Incorrect fix for CVE-2016-8625

Jeroen Roovers jer at airfi.aero
Thu Nov 3 11:05:10 UTC 2016


CVE-2016-8625 (IDNA 2003 makes curl use wrong host) was fixed by switching from
libidn to libidn2.

Jeroen Roovers (2):
  libidn2: new package
  libcurl: Use libidn2 instead of libidn

 package/Config.in            |  1 +
 package/libcurl/libcurl.mk   |  2 +-
 package/libidn2/Config.in    |  5 +++++
 package/libidn2/libidn2.hash |  2 ++
 package/libidn2/libidn2.mk   | 12 ++++++++++++
 5 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 package/libidn2/Config.in
 create mode 100644 package/libidn2/libidn2.hash
 create mode 100644 package/libidn2/libidn2.mk

-- 
2.10.2



More information about the buildroot mailing list