[Buildroot] [PATCH] libcurl: security bump to version 7.60.0
peter at korsgaard.com
Mon Jun 11 21:12:53 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Drop upstream patch.
> This release fixes the security issues listed below.
> CVE-2018-1000300: curl might overflow a heap based memory buffer when
> closing down an FTP connection with very long server command replies.
> CVE-2018-1000301: curl can be tricked into reading data beyond the end
> of a heap based buffer used to store downloaded content.
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2018.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot