Mail archive
alpine-aports

[alpine-aports] [PATCH v3.4] main/curl: security upgrade to 7.52.1 - fixes #6599

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Fri, 30 Dec 2016 07:52:47 +0000

CVE-2016-9594: unititialized random
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read

https://curl.haxx.se/changes.html
---
 main/curl/APKBUILD | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 5184cd3..f2f2de6 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
_at_@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Valery Kartel <valery.kartel_at_gmail.com>
 # Contributor: Ɓukasz Jendrysik <scadu_at_yandex.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=curl
-pkgver=7.51.0
+pkgver=7.52.1
 pkgrel=0
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
_at_@ -15,7 +16,12 @@ source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
 subpackages="$pkgname-doc $pkgname-dev libcurl"
 
 # secfixes:
-#   7.51.0:
+#   7.52.1-r0:
+#     - CVE-2016-9594
+#     - CVE-2016-9586
+#     - CVE-2016-9952
+#     - CVE-2016-9953
+#   7.51.0-r0:
 #     - CVE-2016-8615
 #     - CVE-2016-8616
 #     - CVE-2016-8617
-- 
2.8.3
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Fri Dec 30 2016 - 07:52:47 GMT