<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/libcurl, branch 2016.11.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2016.11.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2016.11.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2016-12-23T21:57:06+00:00</updated>
<entry>
<title>libcurl: security bump to 7.52.1</title>
<updated>2016-12-23T21:57:06+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-23T10:16:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5f691d11d45bbd5340e1c903a7d4184769411347'/>
<id>urn:sha1:5f691d11d45bbd5340e1c903a7d4184769411347</id>
<content type='text'>
Fixes CVE-2016-9594 - Uninitialized random

Libcurl's (new) internal function that returns a good 32bit random value was
implemented poorly and overwrote the pointer instead of writing the value
into the buffer the pointer pointed to.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 72b6bf8f57569c14238d223bb6cc6fec7fd3af4d)
</content>
</entry>
<entry>
<title>libcurl: security bump to 7.52.0</title>
<updated>2016-12-23T21:56:26+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-21T07:48:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d12c6df2fc69f4f7c8a79547dcee12cb7beb8290'/>
<id>urn:sha1:d12c6df2fc69f4f7c8a79547dcee12cb7beb8290</id>
<content type='text'>
Fixes CVE-2016-9586 - printf floating point buffer overflow

For details, see:
https://curl.haxx.se/docs/adv_20161221A.html

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 0c5beb6501707dd5cb80484562bf2b0cbe2b4423)
</content>
</entry>
<entry>
<title>libcurl: move site to https</title>
<updated>2016-11-03T21:31:05+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2016-11-03T07:53:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=f9138514d1678415605b75ecfabecbb2f72f9310'/>
<id>urn:sha1:f9138514d1678415605b75ecfabecbb2f72f9310</id>
<content type='text'>
Saves a redirect.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.51.0 (security)</title>
<updated>2016-11-02T16:25:20+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-11-02T11:52:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=afdb102bd5a9bc35dde2fe0309da88f0d89210d3'/>
<id>urn:sha1:afdb102bd5a9bc35dde2fe0309da88f0d89210d3</id>
<content type='text'>
List of fixed CVEs:

CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Full ChangeLog:

https://curl.haxx.se/changes.html#7_51_0

Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.50.3</title>
<updated>2016-09-14T19:45:58+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-09-14T08:52:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=28dc7f4adc6e6c7a6d67fab99ef7cb68117b502f'/>
<id>urn:sha1:28dc7f4adc6e6c7a6d67fab99ef7cb68117b502f</id>
<content type='text'>
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.50.2</title>
<updated>2016-09-07T10:17:28+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-09-07T09:16:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=475387b43987b73a76b321599fb8da90c6b81c40'/>
<id>urn:sha1:475387b43987b73a76b321599fb8da90c6b81c40</id>
<content type='text'>
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump version to 7.50.1</title>
<updated>2016-08-03T18:50:39+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-08-03T10:56:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=559c3820f871c8efabb161013b6fb5f5b02981e6'/>
<id>urn:sha1:559c3820f871c8efabb161013b6fb5f5b02981e6</id>
<content type='text'>
Contains fixes for CVE-2016-5419..5421:
https://curl.haxx.se/docs/vuln-7.50.0.html

[Peter: extend commit message with CVE info]
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.50.0</title>
<updated>2016-07-21T11:56:15+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-07-21T11:30:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=627dc235ffb12d8d0c1cbb95b46d891160d9e452'/>
<id>urn:sha1:627dc235ffb12d8d0c1cbb95b46d891160d9e452</id>
<content type='text'>
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump version to 7.49.1</title>
<updated>2016-05-31T10:59:10+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-05-31T09:48:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5c913c17b250ff8e1dc2ffe9a43c5b9496cc1023'/>
<id>urn:sha1:5c913c17b250ff8e1dc2ffe9a43c5b9496cc1023</id>
<content type='text'>
Fixes CVE-2016-4802, https://curl.haxx.se/docs/adv_20160530.html

Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.49.0</title>
<updated>2016-05-23T15:05:24+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-05-18T10:14:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=4e58fe16b256fee536bad34fde686134d71c852c'/>
<id>urn:sha1:4e58fe16b256fee536bad34fde686134d71c852c</id>
<content type='text'>
Fixes CVE-2016-3739, https://curl.haxx.se/docs/adv_20160518.html.

Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
[Thomas: add reference to the CVE being fixed, pointed out by Gustavo.]
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
