[Buildroot] [PATCH] libcurl: security bump to version 7.60.0

Peter Korsgaard peter at korsgaard.com
Mon Jun 11 21:12:53 UTC 2018

>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Drop upstream patch.
 > This release fixes the security issues listed below.

 > CVE-2018-1000300: curl might overflow a heap based memory buffer when
 > closing down an FTP connection with very long server command replies.

 >   https://curl.haxx.se/docs/adv_2018-82c2.html

 > CVE-2018-1000301: curl can be tricked into reading data beyond the end
 > of a heap based buffer used to store downloaded content.

 >   https://curl.haxx.se/docs/adv_2018-b138.html

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed to 2018.02.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list