AVG-112 log

Package curl
Status Fixed
Severity Medium
Type multiple issues
Affected 7.51.0-1
Fixed 7.52.1-1
Current 8.11.1-3 [core-testing], 8.11.1-2 [core]
Ticket FS#52247
Created Fri Dec 23 00:16:09 2016
Issue | Severity | Remote | Type | Description
CVE-2016-9594 | Medium | Yes | Incorrect calculation | libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into...
CVE-2016-9586 | Medium | Yes | Arbitrary code execution | libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion...
Date | Advisory | Package | Type
27 Dec 2016 | ASA-201612-22 | curl | multiple issues
References
https://curl.haxx.se/docs/adv_20161221A.html