home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/libcurl
History
Peter Korsgaard 8e524bc41a package/libcurl: security bump to version 8.3.0 
Fixes the following security issue:

CVE-2023-38039: HTTP headers eat all memory

When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.

However, curl did not have a limit on the size or quantity of headers it
would accept in a response, allowing a malicious server to stream an endless
series of headers to a client and eventually cause curl to run out of heap
memory.

https://curl.se/docs/CVE-2023-38039.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 56b0667406)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2023-09-24 23:32:15 +02:00
..
Config.in package/libcurl: disable NTLM support definitely 2023-05-06 16:29:11 +02:00
libcurl.hash package/libcurl: security bump to version 8.3.0 2023-09-24 23:32:15 +02:00
libcurl.mk package/libcurl: security bump to version 8.3.0 2023-09-24 23:32:15 +02:00