diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2019-05-22 11:40:54 +0200 |
|---|---|---|
| committer | Michael Stahl <Michael.Stahl@cib.de> | 2019-05-22 15:04:24 +0200 |
| commit | edb01616ac176401650c35d938c75c6c5558a47e (patch) | |
| tree | e39a05a0c9bfedb918f5eab075ef20bf29a2d0e7 /download.lst | |
| parent | 9c346feb33bddfe9b52a8a4cbc70e81193ce3c95 (diff) | |
curl: upgrade to release 7.65.0
Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
Windows because fortunately we don't use /LARGEADDRESSAWARE flag
to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
the user-space VM is 3GB so an exploit might be possible.
Apparently there's no code in LO that uses the CURLU_URLENCODE flag.
The other one, CVE-2019-5436, doesn't matter because we disable tftp.
Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
Reviewed-on: https://gerrit.libreoffice.org/72732
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Diffstat (limited to 'download.lst')
| -rw-r--r-- | download.lst | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/download.lst b/download.lst index 81b6dbda6516..8fbc74661141 100644 --- a/download.lst +++ b/download.lst @@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5 -export CURL_TARBALL := curl-7.64.0.tar.gz +export CURL_SHA256SUM := 7766d263929404f693905b5e5222aa0f2bdf8c66ab4b8758f0c0820a42b966cd +export CURL_TARBALL := curl-7.65.0.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := 002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d |