aboutsummaryrefslogtreecommitdiff
path: root/package
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2016-12-23 11:16:05 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2016-12-23 22:29:23 +0100
commit72b6bf8f57569c14238d223bb6cc6fec7fd3af4d (patch)
treeb2b8458eee444e54de6a9473039316ca879172f7 /package
parent9ffa395fc83c79cc53cbfa533b64c04f5a4a5323 (diff)
downloadbuildroot-72b6bf8f57569c14238d223bb6cc6fec7fd3af4d.tar.gz
buildroot-72b6bf8f57569c14238d223bb6cc6fec7fd3af4d.tar.bz2
libcurl: security bump to 7.52.1
Fixes CVE-2016-9594 - Unitilized random Libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package')
-rw-r--r--package/libcurl/libcurl.hash2
-rw-r--r--package/libcurl/libcurl.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 2b68c6a7b4..7a942f238b 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 b9a2e18b4785eb75ad84598720e1559e1c53550ea011c0e00becdb94e2df5cc6 curl-7.52.0.tar.bz2
+sha256 d16185a767cb2c1ba3d5b9096ec54e5ec198b213f45864a38b3bda4bbf87389b curl-7.52.1.tar.bz2
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index b2a1b241dc..ea37309d82 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.52.0
+LIBCURL_VERSION = 7.52.1
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \