diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2018-05-18 06:00:36 +0300 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2018-05-19 13:47:21 +0200 |
| commit | 051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed (patch) | |
| tree | f0eaee6b8778d1cdac0f882f2459765374ff0131 /package/libcurl/libcurl.hash | |
| parent | 45cf64ca0c0070151e4321e218e20cae5d730797 (diff) | |
| download | buildroot-051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed.tar.gz buildroot-051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed.zip | |
libcurl: security bump to version 7.60.0
Drop upstream patch.
This release fixes the security issues listed below.
CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.
https://curl.haxx.se/docs/adv_2018-82c2.html
CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.
https://curl.haxx.se/docs/adv_2018-b138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/libcurl/libcurl.hash')
| -rw-r--r-- | package/libcurl/libcurl.hash | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index aec61e3f83..cb1e6e72f2 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,4 +1,4 @@ # Locally calculated after checking pgp signature -# https://curl.haxx.se/download/curl-7.59.0.tar.xz.asc -sha256 e44eaabdf916407585bf5c7939ff1161e6242b6b015d3f2f5b758b2a330461fc curl-7.59.0.tar.xz +# https://curl.haxx.se/download/curl-7.60.0.tar.xz.asc +sha256 8736ff8ded89ddf7e926eec7b16f82597d029fc1469f3a551f1fafaac164e6a0 curl-7.60.0.tar.xz sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095 COPYING |
