[v2.5] curl: multiple vulnerabilities (CVE-2014-0138 CVE-2014-0139)
CVE-2014-0138 (affected versions: from libcurl 7.10.6 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-bad-reuse.patch
Source: http://curl.haxx.se/docs/adv\_20140326A.html
CVE-2014-0139 (affected versions: from libcurl 7.1 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
Source: http://curl.haxx.se/docs/adv\_20140326B.html
(from redmine: issue id 2818, created on 2014-04-03, closed on 2014-04-21)
- Relations:
- parent #2816 (closed)
- Changesets:
- Revision 79b58711 by Timo Teräs on 2014-04-18T11:54:59Z:
main/curl: security upgrade to 7.36.0 (CVE-2014-0138 CVE-2014-0139)
groff is now needed to build built-in manual. ref #2816
fixes #2818
(cherry picked from commit d218307c3f5ca3bb714075368f71f8c7332371cb)
Conflicts:
main/curl/APKBUILD