tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [security] Update www/curl to version 7.43.0


Despite the fact that the freeze is now over, I've been informed that
there are problems with curl 7.43.0 caching "Content-Length" between
requests on the same connection. Probably best to wait for a fixed
version to come from upstream.


On 28 June 2015 at 12:03, Pierre Pronchery <> wrote:
>                         Hi tech-pkg@,
> I am attaching a patch here that updates www/curl to version 7.43.0.
> This new version, released on June 17th, corrects two security issues:
> - CVE-2015-3236: lingering HTTP credentials in connection re-use
> - CVE-2015-3237: SMB send off unrelated memory contents
> The full changelog is at It
> also mentions "compilation fixes with old versions of NSS", among other
> fixes.
> This patch deprecates patch-lib_http2.c, which seems to be obsolete in
> 7.43.0 as documented. There is an issue with patch-aa (configure)
> however, which does not apply anymore; someone else should review this,
> or let me know how to handle this part.
> HTH,
> --
> khorben

Home | Main Index | Thread Index | Old Index