Skip to content

Commit

Permalink
package/libcurl: security bump to 8.4.0
Browse files Browse the repository at this point in the history 
Fixes following two vulnerabilities:

* CVE-2023-38545: SOCKS5 heap buffer overflow
  https://curl.se/docs/CVE-2023-38545.html
* CVE-2023-38546: cookie injection with none file
  https://curl.se/docs/CVE-2023-38546.html

Signed-off-by: Jan Čermák <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
  • Loading branch information
@sairon @jacmet
sairon authored and jacmet committed Oct 11, 2023
1 parent 33b9225 commit 30dd60b
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions package/libcurl/libcurl.hash
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.se/download/curl-8.3.0.tar.xz.asc
# https://curl.se/download/curl-8.4.0.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63 curl-8.3.0.tar.xz
sha256 16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d curl-8.4.0.tar.xz
sha256 b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524 COPYING
2 changes: 1 addition & 1 deletion package/libcurl/libcurl.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
#
################################################################################

LIBCURL_VERSION = 8.3.0
LIBCURL_VERSION = 8.4.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
Expand Down

0 comments on commit 30dd60b

Please sign in to comment.