summaryrefslogtreecommitdiffstats
path: root/package/libcurl/libcurl.mk
diff options
context:
space:
mode:
authorBaruch Siach <baruch@tkos.co.il>2018-05-18 06:00:36 +0300
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>2018-05-19 13:47:21 +0200
commit051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed (patch)
treef0eaee6b8778d1cdac0f882f2459765374ff0131 /package/libcurl/libcurl.mk
parent45cf64ca0c0070151e4321e218e20cae5d730797 (diff)
downloadbuildroot-051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed.tar.gz
buildroot-051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed.zip
libcurl: security bump to version 7.60.0
Drop upstream patch. This release fixes the security issues listed below. CVE-2018-1000300: curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. https://curl.haxx.se/docs/adv_2018-82c2.html CVE-2018-1000301: curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content. https://curl.haxx.se/docs/adv_2018-b138.html Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/libcurl/libcurl.mk')
-rw-r--r--package/libcurl/libcurl.mk2
1 files changed, 1 insertions, 1 deletions
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index a3e66d094c..fbaeaa8975 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.59.0
+LIBCURL_VERSION = 7.60.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
OpenPOWER on IntegriCloud