projects / openwrt / staging / 981213.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 40ed838) | patch
curl: Fix multiple security problems
authorHauke Mehrtens <hauke@hauke-m.de>
Fri, 17 May 2019 20:40:26 +0000 (22:40 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Thu, 30 May 2019 10:15:20 +0000 (12:15 +0200)
commitdc1b578a4cc1d7ec154a58baf3a813846c5adf9d
treee78010a927c172ef05b54d75bd178a451235a1bbtree | snapshot
parent40ed8389efbb4011c83b6d343412a54634d0c731commit | diff
curl: Fix multiple security problems

This fixes the following security problems:
* CVE-2018-14618: NTLM password overflow via integer overflow
* CVE-2018-16839: SASL password overflow via integer overflow
* CVE-2018-16840: use-after-free in handle close
* CVE-2018-16842: warning message out-of-buffer read
* CVE-2019-3823:  SMTP end-of-response out-of-bounds read
* CVE-2019-3822:  NTLMv2 type-3 header stack buffer overflow
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/network/utils/curl/Makefile diff | blob | history
package/network/utils/curl/patches/401-CVE-2018-14618.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/402-CVE-2018-16839.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/403-CVE-2018-16840.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/404-CVE-2018-16842.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/405-CVE-2019-3823.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/406-CVE-2019-3822.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/407-CVE-2018-16890.patch [new file with mode: 0644] blob
Staging tree of Chuanhong Guo