New issue
Advanced search Search tips

Issue 661562 link

Starred by 1 user
Status: Archived
Owner:
mnissler@chromium.org
Closed: Nov 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

Upgrade curl to 7.51.0

Project Member Reported by mnissler@chromium.org, Nov 2 2016 
A new version of curl has been released, fixing a number of security issues: https://curl.haxx.se/changes.html#7_51_0

CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

A first look didn't see anything severe, however several of these are triggerable via malicious URLs or server-controlled data, so it makes sense to upgrade.
Project Member

Comment 1 by bugdroid1@chromium.org, Nov 10 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/33e9df603557c84299e08e895f441430a62c5e13

commit 33e9df603557c84299e08e895f441430a62c5e13
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed Nov 02 12:39:45 2016

net-misc/curl: version bump to 7.51.0, bug #597760

Cherry pick from upstream with trivial modifications:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afa2aaba543bc2beec2465256d2a0907dc9d69e8

BUG= chromium:661562 
TEST=emerge-$BOARD -v1 curl && emerge-$BOARD -v1 $(equery-$BOARD d curl | awk '{ print "=" $1 }')

Change-Id: I13d2a8424be45c7cf11f2a744a1d248601f1c40d
Reviewed-on: https://chromium-review.googlesource.com/406987
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/33e9df603557c84299e08e895f441430a62c5e13/net-misc/curl/Manifest
[rename] https://crrev.com/33e9df603557c84299e08e895f441430a62c5e13/net-misc/curl/curl-7.51.0.ebuild

Comment 2 by mnissler@chromium.org, Nov 10 2016

Status: Fixed (was: Started)

Comment 3 by dchan@google.com, Jan 21 2017

Labels: VerifyIn-57

Comment 4 by dchan@google.com, Mar 4 2017

Labels: VerifyIn-58

Comment 5 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 6 by dchan@google.com, May 30 2017

Labels: VerifyIn-60

Comment 7 by dchan@chromium.org, Aug 1 2017

Labels: VerifyIn-61

Comment 8 by dchan@chromium.org, Oct 14 2017

Status: Archived (was: Fixed)

Sign in to add a comment