[OpenWrt-Devel] [CC 15.05] curl: Security update (CVE-2016-0755)
jow at openwrt.org
jow at openwrt.org
Wed Mar 2 05:23:11 EST 2016
The curl package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.
VERSION
7.40.0-3 => 7.40.0-3.1
CHANGELOG
[Wed, 2 Mar 2016 09:51:47 +0000 0914eea]
Bump pkg revision
[Tue, 1 Mar 2016 22:42:51 +0000 380df1a]
This fixes the following security problem: CVE-2016-0755: NTLM
credentials not-checked for proxy connection re-use
http://curl.haxx.se/docs/adv_20160127B.html
backport of r48614.
CHANGES
package/network/utils/curl/Makefile | 4 +-
.../curl/patches/018-CVE-2016-0755.patch | 126 +++++++++++++++++
2 files changed, 128 insertions(+), 2 deletions(-)
REFERENCES
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755
* http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=380df1a3bd556a21393706c5facb10c76657ea16
* http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=0914eeac49722a112ba6c4c70c8a86317ea6d29c
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list