rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Baruch Siach <baruch@tkos.co.il>
	Thu, 15 Mar 2018 18:06:19 +0000 (20:06 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Fri, 6 Apr 2018 14:33:03 +0000 (16:33 +0200)
commit	6f2d5ed2befbb895aca7d9be2304f7124846c434
tree	810405e2fa9c1f938757f110bbc37d33130c40a0	tree \| snapshot
parent	11b209c5a3bb204a5086c56f88e97981519817ae	commit \| diff

libcurl: security bump to version 7.59.0

CVE-2018-1000120: curl could be fooled into writing a zero byte out of
bounds when curl is told to work on an FTP URL with the setting to only
issue a single CWD command, if the directory part of the URL contains a
"%00" sequence.

https://curl.haxx.se/docs/adv_2018-9cd6.html

CVE-2018-1000121: curl might dereference a near-NULL address when
getting an LDAP URL.

https://curl.haxx.se/docs/adv_2018-97a2.html

CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
calculate a wrong data length to copy from the read buffer.

https://curl.haxx.se/docs/adv_2018-b047.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf3476e5b1527ac91c0a12949be7da5253ea66c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcurl/libcurl.hash		diff \| blob \| history
package/libcurl/libcurl.mk		diff \| blob \| history