Subject: CVS commit: pkgsrc/emulators/suse131_libcurl
From: OBATA Akio
Date: 2014-09-18 13:10:51
Message id: 20140918111051.4233198@cvs.netbsd.org
Log Message:
security fix update for suse131_libcurl.

   openSUSE Security Update: curl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1139-1
Rating:             important
References:         #894575 #895991
Cross-References:   CVE-2014-3613 CVE-2014-3620
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   libcurl was updated to fix security issues:

   CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned
   or used for other numeric IP hosts if portions of the numerics were the
   same.

   CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains,
   making them to broad.
Files:
RevisionActionfile
1.6modifypkgsrc/emulators/suse131_libcurl/Makefile
1.5modifypkgsrc/emulators/suse131_libcurl/distinfo