advisories/10595.adv

type: security
subject: Updated curl packages fix CVE-2013-2174
CVE:
  - CVE-2013-2174
src:
  2:
   core:
    - curl-7.24.0-1.2.mga2
  3:
   core:
    - curl-7.28.1-6.1.mga3
description: |
  libcurl is vulnerable to a case of bad checking of the input data which may
  lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
  strings to raw binary data. URL encoded octets are represented with %HH
  combinations where HH is a two-digit hexadecimal number. The decoded string is
  written to an allocated memory area that the function returns to the caller
  (CVE-2013-2174)
references:
  - http://curl.haxx.se/docs/adv_20130622.html
  - https://bugs.mageia.org/show_bug.cgi?id=10595
ID: MGASA-2013-0188
1	claire	78	type: security
2			subject: Updated curl packages fix CVE-2013-2174
3			CVE:
4			- CVE-2013-2174
5			src:
6			2:
7			core:
8			- curl-7.24.0-1.2.mga2
9			3:
10			core:
11			- curl-7.28.1-6.1.mga3
12			description: \|
13			libcurl is vulnerable to a case of bad checking of the input data which may
14			lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
15			strings to raw binary data. URL encoded octets are represented with %HH
16			combinations where HH is a two-digit hexadecimal number. The decoded string is
17			written to an allocated memory area that the function returns to the caller
18			(CVE-2013-2174)
19			references:
20			- http://curl.haxx.se/docs/adv_20130622.html
21			- https://bugs.mageia.org/show_bug.cgi?id=10595
22	boklm	100	ID: MGASA-2013-0188