AVG-113 log

Package libcurl-compat
Status Fixed
Severity Medium
Type multiple issues
Affected 7.51.0-1
Fixed 7.52.1-1
Current 8.11.0-3 [core]
Ticket FS#52247
Created Fri Dec 23 00:16:34 2016
Issue Severity Remote Type Description
CVE-2016-9594 Medium Yes Incorrect calculation
libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into...
CVE-2016-9586 Medium Yes Arbitrary code execution
libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion...
Date Advisory Package Type
03 Jan 2017 ASA-201701-7 libcurl-compat multiple issues
References
https://curl.haxx.se/docs/adv_20161221A.html