| Message ID | 20221221210704.1868595-1-bernd.kuhls@t-online.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/libcurl: security bump version to 7.87.0 | expand |
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes: > Fixes the following security issues: > - CVE-2022-43551: Another HSTS bypass via IDN > https://curl.se/docs/CVE-2022-43551.html > - CVE-2022-43552: HTTP Proxy deny use-after-free > https://curl.se/docs/CVE-2022-43552.html > Changelog: https://curl.se/changes.html > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Committed, thanks.
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes: > Fixes the following security issues: > - CVE-2022-43551: Another HSTS bypass via IDN > https://curl.se/docs/CVE-2022-43551.html > - CVE-2022-43552: HTTP Proxy deny use-after-free > https://curl.se/docs/CVE-2022-43552.html > Changelog: https://curl.se/changes.html > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Committed to 2022.11.x and 2022.02.x, thanks.
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index c0e2378cac..230ec8d704 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -# https://curl.se/download/curl-7.84.0.tar.xz.asc +# https://curl.se/download/curl-7.87.0.tar.xz.asc # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 -sha256 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b curl-7.86.0.tar.xz +sha256 ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff curl-7.87.0.tar.xz sha256 321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a COPYING diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 8de4358107..994b685d34 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.86.0 +LIBCURL_VERSION = 7.87.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.se/download LIBCURL_DEPENDENCIES = host-pkgconf \
Fixes the following security issues: - CVE-2022-43551: Another HSTS bypass via IDN https://curl.se/docs/CVE-2022-43551.html - CVE-2022-43552: HTTP Proxy deny use-after-free https://curl.se/docs/CVE-2022-43552.html Changelog: https://curl.se/changes.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> --- package/libcurl/libcurl.hash | 4 ++-- package/libcurl/libcurl.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)