<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/libcurl/libcurl.hash, branch 2015.11</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2015.11</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2015.11'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2015-10-08T15:06:51+00:00</updated>
<entry>
<title>libcurl: bump to version 7.45.0</title>
<updated>2015-10-08T15:06:51+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2015-10-07T11:06:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7f4b13cc526f4004452ed9eac66a27f78da5080f'/>
<id>urn:sha1:7f4b13cc526f4004452ed9eac66a27f78da5080f</id>
<content type='text'>
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump to version 7.44.0</title>
<updated>2015-09-04T09:57:05+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-09-02T19:16:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=cf0fb42a4260bd215b2ec01f885a1305f7b93272'/>
<id>urn:sha1:cf0fb42a4260bd215b2ec01f885a1305f7b93272</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Reviewed-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Tested-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump to version 7.43.0</title>
<updated>2015-06-18T20:41:32+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2015-06-18T16:44:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=fc91ffa2f90b759dfa5f438145f8acf55f6db0d8'/>
<id>urn:sha1:fc91ffa2f90b759dfa5f438145f8acf55f6db0d8</id>
<content type='text'>
- Bump to version 7.43.0
- Update hash file

Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Acked-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump to version 7.42.1</title>
<updated>2015-04-29T21:27:02+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-04-29T18:47:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=62592bb66036d520f13c8eefc25dca056a186959'/>
<id>urn:sha1:62592bb66036d520f13c8eefc25dca056a186959</id>
<content type='text'>
Fixes:
CVE-2013-3153 - sensitive HTTP server headers also sent to proxies.

And drop upstream patches.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump to version 7.42.0</title>
<updated>2015-04-23T07:45:03+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-04-23T05:46:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=4c8e6796814a03f564cfbab2cb7663d0f598655a'/>
<id>urn:sha1:4c8e6796814a03f564cfbab2cb7663d0f598655a</id>
<content type='text'>
Fixes:
CVE-2015-3144 - host name out of boundary memory access
CVE-2015-3145 - cookie parser out of boundary memory access
CVE-2015-3148 - Negotiate not treated as connection-oriented
CVE-2015-3143 - Re-using authenticated connection when unauthenticated

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump to version 7.41.0</title>
<updated>2015-02-25T16:25:54+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-02-25T12:07:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=1f556833c37b170070c39eb3c9e2ab1d14fdff80'/>
<id>urn:sha1:1f556833c37b170070c39eb3c9e2ab1d14fdff80</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump to version 7.40.0</title>
<updated>2015-01-08T18:19:15+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-01-08T17:29:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d71a51d0e5768bcc88e90add609fdb02f72c9fb0'/>
<id>urn:sha1:d71a51d0e5768bcc88e90add609fdb02f72c9fb0</id>
<content type='text'>
Fixes:
CVE-2014-8150 - When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be
sent along to the proxy too, which allows the program to for example
send a separate HTTP request injected embedded in the URL.

CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session
ID cache when it connects to TLS servers. In subsequent connects it
re-uses the entry in the cache to resume the TLS connection faster than
when doing a full TLS handshake. The actual implementation for the
Session ID caching varies depending on the underlying TLS backend.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump to version 7.39.0</title>
<updated>2014-11-06T08:09:20+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2014-11-05T14:31:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c30e017a1a6c2d368c4742d55e9ed17f96d29c06'/>
<id>urn:sha1:c30e017a1a6c2d368c4742d55e9ed17f96d29c06</id>
<content type='text'>
Fixes:
CVE-2014-3707 - libcurl's function curl_easy_duphandle() has a bug that
can lead to libcurl eventually sending off sensitive data that was not
intended for sending.

Removed patch that was upstream and now in the release.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Reviewed-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Tested-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: add hash file</title>
<updated>2014-10-19T15:35:17+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2014-10-14T23:25:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=dbf74f631dbd114eb1644ea7f099f58174476bef'/>
<id>urn:sha1:dbf74f631dbd114eb1644ea7f099f58174476bef</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Acked-by: "Yann E. MORIN" &lt;yann.morin.1998@free.fr&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
