[Buildroot] [PATCH 1/1] package/libcurl: security bump version to 7.87.0
Bernd Kuhls
bernd.kuhls at t-online.de
Wed Dec 21 21:07:04 UTC 2022
Fixes the following security issues:
- CVE-2022-43551: Another HSTS bypass via IDN
https://curl.se/docs/CVE-2022-43551.html
- CVE-2022-43552: HTTP Proxy deny use-after-free
https://curl.se/docs/CVE-2022-43552.html
Changelog: https://curl.se/changes.html
Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
---
package/libcurl/libcurl.hash | 4 ++--
package/libcurl/libcurl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index c0e2378cac..230ec8d704 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://curl.se/download/curl-7.84.0.tar.xz.asc
+# https://curl.se/download/curl-7.87.0.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b curl-7.86.0.tar.xz
+sha256 ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff curl-7.87.0.tar.xz
sha256 321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 8de4358107..994b685d34 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.86.0
+LIBCURL_VERSION = 7.87.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
--
2.34.1
More information about the buildroot
mailing list