From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 11 May 2022 12:50:23 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1nojvD-009YM4-6Z
	for lore@lore.pengutronix.de; Wed, 11 May 2022 12:50:23 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1nojvB-0005ws-Pq; Wed, 11 May 2022 12:50:21 +0200
Received: from mail.thorsis.com ([92.198.35.195])
 by metis.ext.pengutronix.de with esmtp (Exim 4.92)
 (envelope-from <ada@thorsis.com>) id 1nojuZ-0005wh-Ma
 for ptxdist@pengutronix.de; Wed, 11 May 2022 12:49:45 +0200
Date: Wed, 11 May 2022 12:49:33 +0200
From: Alexander Dahl <ada@thorsis.com>
To: Christian Melki <christian.melki@t2data.com>
Message-ID: <YnuUvYGuY42aABXJ@ada.ifak-system.com>
Mail-Followup-To: Christian Melki <christian.melki@t2data.com>,
 ptxdist@pengutronix.de
References: <20220511072028.1152041-1-christian.melki@t2data.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220511072028.1152041-1-christian.melki@t2data.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.ext.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_HELO_NONE,
 SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
 version=3.4.2
Subject: Re: [ptxdist] [PATCH] libcurl: Version bump. 7.83.0 -> 7.83.1
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: ptxdist@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

Hej hej,

Am Wed, May 11, 2022 at 09:20:28AM +0200 schrieb Christian Melki:
> Usual churn of fixes.
> Curl is seeing an accelerated CVE ticketing.
> Probably due to a functioning bug bounty program.
> https://hackerone.com/curl?type=team
> With 30 reports in the last 90 days.
> So probably expect more CVEs in the near future.
> 
> Changelog: https://curl.se/changes.html
> Security: https://curl.se/docs/security.html
> 
> Plugs CVEs: CVE-2022-30115, CVE-2022-27782, CVE-2022-27781,
> CVE-2022-27780, CVE-2022-27779, CVE-2022-27778
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>

Acked-by: Alexander Dahl <ada@thorsis.com>

Greets
Alex

> ---
>  rules/libcurl.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index 3840b2abd..8faa948bf 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
>  #
>  # Paths and names
>  #
> -LIBCURL_VERSION	:= 7.83.0
> -LIBCURL_MD5	:= b7924acdea33dedc3150a044789ed0bb
> +LIBCURL_VERSION	:= 7.83.1
> +LIBCURL_MD5	:= 08c6d9c25d9cf8d17be28363753e42ca
>  LIBCURL		:= curl-$(LIBCURL_VERSION)
>  LIBCURL_SUFFIX	:= tar.xz
>  LIBCURL_URL	:= https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
> -- 
> 2.34.1
> 
>