[Buildroot] [PATCH] libcurl: security bump to version 7.60.0

Thomas Petazzoni thomas.petazzoni at bootlin.com
Sat May 19 11:47:39 UTC 2018


Hello,

On Fri, 18 May 2018 06:00:36 +0300, Baruch Siach wrote:
> Drop upstream patch.
> 
> This release fixes the security issues listed below.
> 
> CVE-2018-1000300: curl might overflow a heap based memory buffer when
> closing down an FTP connection with very long server command replies.
> 
>   https://curl.haxx.se/docs/adv_2018-82c2.html
> 
> CVE-2018-1000301: curl can be tricked into reading data beyond the end
> of a heap based buffer used to store downloaded content.
> 
>   https://curl.haxx.se/docs/adv_2018-b138.html
> 
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> ---
>  ...-openssl-fix-build-with-LibreSSL-2.7.patch | 75 -------------------
>  package/libcurl/libcurl.hash                  |  4 +-
>  package/libcurl/libcurl.mk                    |  2 +-
>  3 files changed, 3 insertions(+), 78 deletions(-)
>  delete mode 100644 package/libcurl/0001-openssl-fix-build-with-LibreSSL-2.7.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com


