[devel] [cyber] I: Sisyphus-20161103 packages: +2! +73 (17599)
Michael Shigorin
mike на altlinux.org
Чт Ноя 3 14:39:26 MSK 2016
On Thu, Nov 03, 2016 at 04:43:25AM +0000, QA Team Robot wrote:
> curl - Gets a file from a FTP, GOPHER or HTTP server
> * Wed Nov 02 2016 Anton Farygin <rider на altlinux> 7.51.0-alt1
> - new version with security fixes:
> CVE-2016-8615: cookie injection for other servers
> CVE-2016-8616: case insensitive password comparison
> CVE-2016-8617: OOB write via unchecked multiplication
> CVE-2016-8618: double-free in curl_maprintf
> CVE-2016-8619: double-free in krb5 code
> CVE-2016-8620: glob parser write/read out of bounds
> CVE-2016-8621: curl_getdate read out of bounds
> CVE-2016-8622: URL unescape heap overflow via integer truncation
> CVE-2016-8623: Use-after-free via shared cookies
> CVE-2016-8624: invalid URL parsing with '#'
> CVE-2016-8625: IDNA 2003 makes curl use wrong host
> * Thu Oct 27 2016 Vladimir D. Seleznev <vseleznv на altlinux> 7.50.3-alt2
Хорошо бы его в p8 скопировать или пересобрать.
--
---- WBR, Michael Shigorin / http://altlinux.org
------ http://opennet.ru / http://anna-news.info
Подробная информация о списке рассылки Devel