[OpenWrt-Devel] [CC 15.05] curl: Security update (CVE-2016-0755)

jow at openwrt.org jow at openwrt.org
Wed Mar 2 05:23:11 EST 2016


The curl package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.


VERSION

7.40.0-3 => 7.40.0-3.1


CHANGELOG

[Wed, 2 Mar 2016 09:51:47 +0000 0914eea]

Bump pkg revision

[Tue, 1 Mar 2016 22:42:51 +0000 380df1a]

This fixes the following security problem: CVE-2016-0755: NTLM
credentials not-checked for proxy connection re-use
http://curl.haxx.se/docs/adv_20160127B.html

backport of r48614.


CHANGES

 package/network/utils/curl/Makefile           |    4 +-
 .../curl/patches/018-CVE-2016-0755.patch      |  126 +++++++++++++++++
 2 files changed, 128 insertions(+), 2 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=380df1a3bd556a21393706c5facb10c76657ea16
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=0914eeac49722a112ba6c4c70c8a86317ea6d29c
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list