• Michael Stahl's avatar
    curl: upgrade to release 7.65.0 · edb01616
    Michael Stahl yazdı
    Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
    Windows because fortunately we don't use /LARGEADDRESSAWARE flag
    to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
    the user-space VM is 3GB so an exploit might be possible.
    
    Apparently there's no code in LO that uses the CURLU_URLENCODE flag.
    
    The other one, CVE-2019-5436, doesn't matter because we disable tftp.
    
    Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
    Reviewed-on: https://gerrit.libreoffice.org/72732
    Tested-by: Jenkins
    Reviewed-by: 's avatarMichael Stahl <Michael.Stahl@cib.de>
    edb01616
download.lst 19.7 KB