[3.7] curl: Multiple vulnerabilities (CVE-2018-1000300, CVE-2018-1000301)
CVE-2018-1000300: FTP shutdown response buffer overflow
Affected versions:
curl 7.54.1 to and including curl 7.59.0
Not affected versions:
curl < 7.54.1 and curl >= 7.60.0
Reference:
https://curl.haxx.se/docs/adv\_2018-82c2.html
Patch:
https://curl.haxx.se/CVE-2018-1000300.patch
CVE-2018-1000301: RTSP bad headers buffer over-read
Affected versions:
curl 7.20.0 to and including curl 7.59.0
Not affected versions:
curl < 7.20.0 and curl >= 7.60.0
Reference:
https://curl.haxx.se/docs/adv\_2018-b138.html
Patch:
https://curl.haxx.se/CVE-2018-1000301.patch
(from redmine: issue id 8897, created on 2018-05-17, closed on 2018-05-21)
- Relations:
- copied_to #8895 (closed)
- parent #8895 (closed)