Message ID | 20231011073506.687039-1-sairon@sairon.cz |
---|---|
State | Accepted |
Series | package/libcurl: security bump to 8.4.0 |
>>>>> "Jan" == Jan Čermák <sairon@sairon.cz> writes:

> Fixes following two vulnerabilities:
> * CVE-2023-38545: SOCKS5 heap buffer overflow
>   https://curl.se/docs/CVE-2023-38545.html
> * CVE-2023-38546: cookie injection with none file
>   https://curl.se/docs/CVE-2023-38546.html
>
> Signed-off-by: Jan Čermák <sairon@sairon.cz>

Committed, thanks.

>>>>> "Jan" == Jan Čermák <sairon@sairon.cz> writes:

> Fixes following two vulnerabilities:
> * CVE-2023-38545: SOCKS5 heap buffer overflow
>   https://curl.se/docs/CVE-2023-38545.html
> * CVE-2023-38546: cookie injection with none file
>   https://curl.se/docs/CVE-2023-38546.html
>
> Signed-off-by: Jan Čermák <sairon@sairon.cz>

Committed to 2023.02.x and 2023.08.x, thanks.
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index 371d20a632..ecd5d63909 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -# https://curl.se/download/curl-8.3.0.tar.xz.asc +# https://curl.se/download/curl-8.4.0.tar.xz.asc # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 -sha256 376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63 curl-8.3.0.tar.xz +sha256 16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d curl-8.4.0.tar.xz sha256 b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524 COPYING diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index dd4cf43c6a..bd331a55aa 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 8.3.0 +LIBCURL_VERSION = 8.4.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.se/download LIBCURL_DEPENDENCIES = host-pkgconf \
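Review bot: In the package/libcurl/libcurl.hash hunk, the new sha256 for curl-8.4.0.tar.xz rests on the header comment's statement that it was calculated locally after checking the PGP signature, so whoever applies this should fetch the curl-8.4.0.tar.xz.asc named in the updated comment, verify it against key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 (left as unchanged context, so the patch asserts the signing key is the same one used for 8.3.0), and recompute the hash before committing. The COPYING hash is also unchanged context, which is correct only if the license file in the 8.4.0 tarball is byte-identical to the one in 8.3.0; that is worth confirming in the same pass.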
Fixes following two vulnerabilities:

* CVE-2023-38545: SOCKS5 heap buffer overflow
  https://curl.se/docs/CVE-2023-38545.html
* CVE-2023-38546: cookie injection with none file
  https://curl.se/docs/CVE-2023-38546.html

Signed-off-by: Jan Čermák <sairon@sairon.cz>

---
 package/libcurl/libcurl.hash | 4 ++--
 package/libcurl/libcurl.mk | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)