tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [security] Update www/curl to version 7.43.0
Hi,
Despite the fact that the freeze is now over, I've been informed that
there are problems with curl 7.43.0 caching "Content-Length" between
requests on the same connection. Probably best to wait for a fixed
version to come from upstream.
Thanks,
Alistair
On 28 June 2015 at 12:03, Pierre Pronchery <khorben%defora.org@localhost> wrote:
> Hi tech-pkg@,
>
> I am attaching a patch here that updates www/curl to version 7.43.0.
> This new version, released on June 17th, corrects two security issues:
> - CVE-2015-3236: lingering HTTP credentials in connection re-use
> - CVE-2015-3237: SMB send off unrelated memory contents
>
> The full changelog is at http://curl.haxx.se/changes.html#7_43_0. It
> also mentions "compilation fixes with old versions of NSS", among other
> fixes.
>
> This patch deprecates patch-lib_http2.c, which seems to be obsolete in
> 7.43.0 as documented. There is an issue with patch-aa (configure)
> however, which does not apply anymore; someone else should review this,
> or let me know how to handle this part.
>
> HTH,
> --
> khorben
Home |
Main Index |
Thread Index |
Old Index