On Wed, May 11, 2022 at 09:20:28AM +0200, Christian Melki wrote: > Usual churn of fixes. > Curl is seeing an accelerated CVE ticketing. > Probably due to a functioning bug bounty program. > https://hackerone.com/curl?type=team > With 30 reports in the last 90 days. > So probably expect more CVEs in the near future. > > Changelog: https://curl.se/changes.html > Security: https://curl.se/docs/security.html > > Plugs CVEs: CVE-2022-30115, CVE-2022-27782, CVE-2022-27781, > CVE-2022-27780, CVE-2022-27779, CVE-2022-27778
The old version has a patch. It's from upstream, but I'm not sure if it got applied to the bugfix release. Michael > Signed-off-by: Christian Melki <christian.me...@t2data.com> > --- > rules/libcurl.make | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/rules/libcurl.make b/rules/libcurl.make > index 3840b2abd..8faa948bf 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl > # > # Paths and names > # > -LIBCURL_VERSION := 7.83.0 > -LIBCURL_MD5 := b7924acdea33dedc3150a044789ed0bb > +LIBCURL_VERSION := 7.83.1 > +LIBCURL_MD5 := 08c6d9c25d9cf8d17be28363753e42ca > LIBCURL := curl-$(LIBCURL_VERSION) > LIBCURL_SUFFIX := tar.xz > LIBCURL_URL := https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) > -- > 2.34.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
