new upstream release - 8.4.0

Resolves: CVE-2023-38545 - SOCKS5 heap buffer overflow
Resolves: CVE-2023-38546 - cookie injection with none file
This commit is contained in:
Jan Macku 2023-10-11 15:36:19 +02:00
parent 554e13f798
commit cb17cbc66a
2 changed files with 8 additions and 3 deletions

View File

@ -1,6 +1,6 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 8.3.0
Version: 8.4.0
Release: 1%{?dist}
License: curl
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@ -410,6 +410,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
* Wed Oct 11 2023 Jan Macku <jamacku@redhat.com> - 8.4.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-38545 - SOCKS5 heap buffer overflow
CVE-2023-38546 - cookie injection with none file
* Wed Sep 13 2023 Jan Macku <jamacku@redhat.com> - 8.3.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-38039 - HTTP headers eat all memory

View File

@ -1,2 +1,2 @@
SHA512 (curl-8.3.0.tar.xz) = 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51
SHA512 (curl-8.3.0.tar.xz.asc) = b7d45722640ac50181b20a6d663168ec6eec6691c5604ddfe9c7177f07da598cb2de688c631043dc428c311774d781ccd16bd1e2fb4f038be651e3bee383aec4
SHA512 (curl-8.4.0.tar.xz) = 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b
SHA512 (curl-8.4.0.tar.xz.asc) = b8b7a5b76be816e7b1552354f267f335fdc608cdadbd2c40ab44faf6450c6bbd2853b6de5c2746a1292aad33a8ee1c367380d32bb1a8282540b38c3b985a320e