advisories/10595.adv

type: security
subject: Updated curl packages fix CVE-2013-2174
CVE:
  - CVE-2013-2174
src:
  2:
   core:
    - curl-7.24.0-1.2.mga2
  3:
   core:
    - curl-7.28.1-6.1.mga3
description: |
  libcurl is vulnerable to a case of bad checking of the input data which may
  lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
  strings to raw binary data. URL encoded octets are represented with %HH
  combinations where HH is a two-digit hexadecimal number. The decoded string is
  written to an allocated memory area that the function returns to the caller
  (CVE-2013-2174)
references:
  - http://curl.haxx.se/docs/adv_20130622.html
  - https://bugs.mageia.org/show_bug.cgi?id=10595
1	type: security
2	subject: Updated curl packages fix CVE-2013-2174
3	CVE:
4	- CVE-2013-2174
5	src:
6	2:
7	core:
8	- curl-7.24.0-1.2.mga2
9	3:
10	core:
11	- curl-7.28.1-6.1.mga3
12	description: \|
13	libcurl is vulnerable to a case of bad checking of the input data which may
14	lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
15	strings to raw binary data. URL encoded octets are represented with %HH
16	combinations where HH is a two-digit hexadecimal number. The decoded string is
17	written to an allocated memory area that the function returns to the caller
18	(CVE-2013-2174)
19	references:
20	- http://curl.haxx.se/docs/adv_20130622.html
21	- https://bugs.mageia.org/show_bug.cgi?id=10595