tech-pkg archive


Re: [security] Update www/curl to version 7.43.0



Hi,

Despite the fact that the freeze is now over, I've been informed that
there are problems with curl 7.43.0 caching "Content-Length" between
requests on the same connection. Probably best to wait for a fixed
version to come from upstream.

Thanks,
Alistair

On 28 June 2015 at 12:03, Pierre Pronchery <khorben%defora.org@localhost> wrote:
>                         Hi tech-pkg@,
>
> I am attaching a patch here that updates www/curl to version 7.43.0.
> This new version, released on June 17th, corrects two security issues:
> - CVE-2015-3236: lingering HTTP credentials in connection re-use
> - CVE-2015-3237: SMB send off unrelated memory contents
>
> The full changelog is at http://curl.haxx.se/changes.html#7_43_0. It
> also mentions "compilation fixes with old versions of NSS", among other
> fixes.
>
> This patch deprecates patch-lib_http2.c, which seems to be obsolete in
> 7.43.0 as documented. There is an issue with patch-aa (configure)
> however, which does not apply anymore; someone else should review this,
> or let me know how to handle this part.
>
> HTH,
> --
> khorben

