~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-aports] [PATCH v3.4] main/curl: security upgrade to 7.52.1 - fixes #6599

Sergey Lukin <sergej.lukin@gmail.com>
Details
Message ID
<20161230075247.184-1-sergej.lukin@gmail.com>
Sender timestamp
1483084367
DKIM signature
missing
Download raw message
7 years ago
Patch: +8 -2 
CVE-2016-9594: unititialized random
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read

https://curl.haxx.se/changes.html
---
 main/curl/APKBUILD | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 5184cd3..f2f2de6 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.51.0
pkgver=7.52.1
pkgrel=0
pkgdesc="An URL retrival utility and library"
url="http://curl.haxx.se"
@@ -15,7 +16,12 @@ source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
subpackages="$pkgname-doc $pkgname-dev libcurl"

# secfixes:
#   7.51.0:
#   7.52.1-r0:
#     - CVE-2016-9594
#     - CVE-2016-9586
#     - CVE-2016-9952
#     - CVE-2016-9953
#   7.51.0-r0:
#     - CVE-2016-8615
#     - CVE-2016-8616
#     - CVE-2016-8617
-- 
2.8.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)