1 |
type: security |
2 |
subject: Updated curl packages fix CVE-2013-2174 |
3 |
CVE: |
4 |
- CVE-2013-2174 |
5 |
src: |
6 |
2: |
7 |
core: |
8 |
- curl-7.24.0-1.2.mga2 |
9 |
3: |
10 |
core: |
11 |
- curl-7.28.1-6.1.mga3 |
12 |
description: | |
13 |
libcurl is vulnerable to a case of bad checking of the input data which may |
14 |
lead to heap corruption. The function curl_easy_unescape() decodes URL encoded |
15 |
strings to raw binary data. URL encoded octets are represented with %HH |
16 |
combinations where HH is a two-digit hexadecimal number. The decoded string is |
17 |
written to an allocated memory area that the function returns to the caller |
18 |
(CVE-2013-2174) |
19 |
references: |
20 |
- http://curl.haxx.se/docs/adv_20130622.html |
21 |
- https://bugs.mageia.org/show_bug.cgi?id=10595 |
22 |
ID: MGASA-2013-0188 |