AVG-696 log

Package lib32-libcurl-compat
Status Fixed
Severity Critical
Type multiple issues
Affected 7.59.0-1
Fixed 7.60.0-1
Current 8.11.1-3 [multilib-testing]
8.11.1-2 [multilib]
Ticket None
Created Wed May 16 09:11:39 2018
Issue Severity Remote Type Description
CVE-2018-1000301 Medium Yes Denial of service
curl >= 7.20.0 and < 7.60.0 can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content. When servers send RTSP...
CVE-2018-1000300 Critical Yes Arbitrary code execution
curl >= 7.54.1 and < 7.60.0 might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing...
Date Advisory Package Type
18 May 2018 ASA-201805-15 lib32-libcurl-compat multiple issues