[alpine-aports] [PATCH v3.4] main/curl: security upgrade to 7.52.1 - fixes #6599

Sergey Lukin
Details
Message ID
<20161230075247.184-1-sergej.lukin@gmail.com>
Sender timestamp
1483084367
DKIM signature
missing
Download raw message
Patch: +8 -2
CVE-2016-9594: unititialized random
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read

https://curl.haxx.se/changes.html
---
 main/curl/APKBUILD | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 5184cd3..f2f2de6 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Contributor: Valery Kartel <valery.kartel@gmail.com>
 # Contributor: Ɓukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
-pkgver=7.51.0
+pkgver=7.52.1
 pkgrel=0
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
@@ -15,7 +16,12 @@ source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
 subpackages="$pkgname-doc $pkgname-dev libcurl"
 
 # secfixes:
-#   7.51.0:
+#   7.52.1-r0:
+#     - CVE-2016-9594
+#     - CVE-2016-9586
+#     - CVE-2016-9952
+#     - CVE-2016-9953
+#   7.51.0-r0:
 #     - CVE-2016-8615
 #     - CVE-2016-8616
 #     - CVE-2016-8617
-- 
2.8.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---