rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Baruch Siach <baruch@tkos.co.il>
	Fri, 18 May 2018 03:00:36 +0000 (06:00 +0300)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Sat, 19 May 2018 11:47:21 +0000 (13:47 +0200)
commit	051e2f2d0b3a74ede4cc1865513ebe4c59e7d2ed
tree	f0eaee6b8778d1cdac0f882f2459765374ff0131	tree \| snapshot
parent	45cf64ca0c0070151e4321e218e20cae5d730797	commit \| diff

libcurl: security bump to version 7.60.0

Drop upstream patch.

This release fixes the security issues listed below.

CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.

https://curl.haxx.se/docs/adv_2018-82c2.html

CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.

https://curl.haxx.se/docs/adv_2018-b138.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcurl/0001-openssl-fix-build-with-LibreSSL-2.7.patch	[deleted file]	blob \| history
package/libcurl/libcurl.hash		diff \| blob \| history
package/libcurl/libcurl.mk		diff \| blob \| history