1 |
claire |
78 |
type: security |
2 |
|
|
subject: Updated curl packages fix CVE-2013-2174 |
3 |
|
|
CVE: |
4 |
|
|
- CVE-2013-2174 |
5 |
|
|
src: |
6 |
|
|
2: |
7 |
|
|
core: |
8 |
|
|
- curl-7.24.0-1.2.mga2 |
9 |
|
|
3: |
10 |
|
|
core: |
11 |
|
|
- curl-7.28.1-6.1.mga3 |
12 |
|
|
description: | |
13 |
|
|
libcurl is vulnerable to a case of bad checking of the input data which may |
14 |
|
|
lead to heap corruption. The function curl_easy_unescape() decodes URL encoded |
15 |
|
|
strings to raw binary data. URL encoded octets are represented with %HH |
16 |
|
|
combinations where HH is a two-digit hexadecimal number. The decoded string is |
17 |
|
|
written to an allocated memory area that the function returns to the caller |
18 |
|
|
(CVE-2013-2174) |
19 |
|
|
references: |
20 |
|
|
- http://curl.haxx.se/docs/adv_20130622.html |
21 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10595 |
22 |
boklm |
100 |
ID: MGASA-2013-0188 |