author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-08-10 21:39:06 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-08-10 22:56:31 +0200 |
commit | 9bc43f3e65bc8e0bb3d0c5ea8ff906111197afb9 (patch) | |
tree | 6c855135e0208b15092012d4c86363d19de846f6 /package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch | |
parent | b3983323a1f25c936ddfcc129c454b282e90eeed (diff) | |
curl: fix some security problems

This fixes the following security problems:
* CVE-2017-1000254: FTP PWD response parser out of bounds read
* CVE-2017-1000257: IMAP FETCH response out of bounds read
* CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
* CVE-2018-1000007: HTTP authentication leak in redirects
* CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
* CVE-2018-1000121: LDAP NULL pointer dereference
* CVE-2018-1000122: RTSP RTP buffer over-read
* CVE-2018-1000301: RTSP bad headers buffer over-read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch')
-rw-r--r-- | package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch b/package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch index 33ab296e56..0beac59e48 100644 --- a/package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch +++ b/package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch @@ -9,11 +9,9 @@ vtls must set wait for read/write flags for the socket. lib/vtls/vtls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index fad9335bbf..871622fef1 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c -@@ -485,8 +485,9 @@ void Curl_ssl_close_all(struct Curl_easy *data) +@@ -488,8 +488,9 @@ void Curl_ssl_close_all(struct Curl_easy } #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ |
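Review bot: The commit message lists eight CVEs as fixed but does not say how (a curl version bump or individual backported patches), and in the lines visible here the only change is a refresh of the embedded lib/vtls/vtls.c patch: the hunk header moves from `@@ -485,8 +485,9 @@` to `@@ -488,8 +488,9 @@`, and the inner `diff --git` and `index fad9335bbf..871622fef1` lines are dropped. The three-line offset suggests the curl source this patch applies to changed above that point, so the message should name the curl version or the added patch files that carry the fixes, which lets a reviewer check this refresh against them. It would also help to state that 320-mbedtls-nonblocking-handshake.patch was only refreshed, so readers do not look for a security fix in it.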