-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security/ http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] OpenPKG-SA-2006.012 28-Jun-2006 ________________________________________________________________________ Package: curl Vulnerability: buffer overflow OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= curl-7.15.2-20060227 >= curl-7.15.3-20060320 OpenPKG 2-STABLE N.A. N.A. OpenPKG 2.5-RELEASE <= curl-7.15.0-2.5.1 >= curl-7.15.0-2.5.2 Description: According to a vendor security advisory [0], a buffer overflow exists in cURL [1], a command line tool for fetching content via URLs. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-1061 [2] to the problem. ________________________________________________________________________ References: [0] http://curl.haxx.se/docs/adv_20060320.html [1] http://curl.haxx.se/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <[EMAIL PROTECTED]> iD8DBQFEokfVgHWT4GPEy58RAkfZAJ9WPW9owb25lc6LkUbJhanEDZ01gwCeMAGP 2DSfvJ1apI56z6nDbCf4Io8= =c5Vi -----END PGP SIGNATURE----- ______________________________________________________________________ The OpenPKG Project www.openpkg.org Project Announcement List openpkg-announce@openpkg.org