diff options
author | Baruch Siach <baruch@tkos.co.il> | 2018-05-18 06:00:36 +0300 |
---|---|---|
committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2018-05-19 13:47:21 +0200 |
commit | 051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed (patch) | |
tree | f0eaee6b8778d1cdac0f882f2459765374ff0131 /package/libcurl/libcurl.mk | |
parent | 45cf64ca0c0070151e4321e218e20cae5d730797 (diff) | |
download | buildroot-051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed.tar.gz buildroot-051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed.zip |
libcurl: security bump to version 7.60.0
Drop upstream patch.
This release fixes the security issues listed below.
CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.
https://curl.haxx.se/docs/adv_2018-82c2.html
CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.
https://curl.haxx.se/docs/adv_2018-b138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/libcurl/libcurl.mk')
-rw-r--r-- | package/libcurl/libcurl.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index a3e66d094c..fbaeaa8975 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.59.0 +LIBCURL_VERSION = 7.60.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.haxx.se/download LIBCURL_DEPENDENCIES = host-pkgconf \ |