Posted to issues@openoffice.apache.org by bu...@apache.org on 2016/03/29 01:23:17 UTC
[Issue 126896] New: bundled curl version 7.19.7 has many vulnerabilities
https://bz.apache.org/ooo/show_bug.cgi?id=126896
Issue ID: 126896
Issue Type: DEFECT
Summary: bundled curl version 7.19.7 has many vulnerabilities
Product: Build Tools
Version: 4.2.0-dev
Hardware: All
OS: All
Status: CONFIRMED
Severity: Normal
Priority: P5 (lowest)
Component: external prerequisites
Assignee: issues@openoffice.apache.org
Reporter: truckman@apache.org
Created attachment 85374
--> https://bz.apache.org/ooo/attachment.cgi?id=85374&action=edit
patch to upgrade bundled curl to version 7.48.0
The curl-7.19.7 software bundled with OpenOffice has these security
vulnerabilities:
CVE-2010-0734
CVE-2011-2192
CVE-2013-2174
CVE-2014-3143
CVE-2014-3144
CVE-2014-3145
CVE-2014-3148
CVE-2014-8150
CVE-2015-3153
CVE-2016-0755
The attached patch upgrades curl to version 7.48.0 which has no
publicly disclosed vulnerabilities at this time.
This version of curl appears to require no patches to integrate it
with OpenOffice.
--
You are receiving this mail because:
You are the assignee for the issue.
[Issue 126896] bundled curl version 7.19.7 has many vulnerabilities
Posted by bu...@apache.org.
https://bz.apache.org/ooo/show_bug.cgi?id=126896
Andrea Pescetti <pe...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |4.2.0
CC| |pescetti@apache.org
[Issue 126896] bundled curl version 7.19.7 has many vulnerabilities
Posted by bu...@apache.org.
https://bz.apache.org/ooo/show_bug.cgi?id=126896
oooforum <oo...@free.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |oooforum@free.fr
Issue Type|DEFECT |PATCH
--- Comment #1 from oooforum <oo...@free.fr> ---
Set status as PATCH
[Issue 126896] bundled curl version 7.19.7 has many vulnerabilities
Posted by bu...@apache.org.
https://bz.apache.org/ooo/show_bug.cgi?id=126896
Don Lewis <tr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #85374 is obsolete|0 |1
--- Comment #2 from Don Lewis <tr...@apache.org> ---
Created attachment 85615
--> https://bz.apache.org/ooo/attachment.cgi?id=85615&action=edit
patch to upgrade bundled curl to version 7.49.1
The latest version of curl is now 7.49.1.
Update LICENSE info (copyright date and contributor info).
This has been tested on FreeBSD, CentOS, and Windows by doing:
File->Open and specifying an ftp URL.
Note: We have a tarball of the old version of curl checked into svn under
ext_sources. Should this be removed and the new version checked in?
[Issue 126896] bundled curl version 7.19.7 has many vulnerabilities
Posted by bu...@apache.org.
https://bz.apache.org/ooo/show_bug.cgi?id=126896
--- Comment #4 from SVN Robot <sv...@dev.null.org> ---
"truckman" committed SVN revision 1754469 into trunk:
#i126896#: bundled curl version 7.19.7 has many vulnerabilities
[Issue 126896] bundled curl version 7.19.7 has many vulnerabilities
Posted by bu...@apache.org.
https://bz.apache.org/ooo/show_bug.cgi?id=126896
Don Lewis <tr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|CONFIRMED |RESOLVED
--- Comment #5 from Don Lewis <tr...@apache.org> ---
Patch to upgrade to curl 7.49.1 committed.
[Issue 126896] bundled curl version 7.19.7 has many vulnerabilities
Posted by bu...@apache.org.
https://bz.apache.org/ooo/show_bug.cgi?id=126896
--- Comment #3 from Don Lewis <tr...@apache.org> ---
Curl did need a patch for Windows to produce a library with the name that we
expect.