From cbcb28abb31adadfd4c0e13701f44fa8f672aca0 Mon Sep 17 00:00:00 2001 From: "Long.Li" Date: Wed, 28 Aug 2019 10:25:55 +0800 Subject: [PATCH] Upgrade curl to version 7.29.0-51.el7_6.3 curl version 7.29.0-51.el7 is vulnerable to a buffer overrun in the NTLM authentication code, as per link https://access.redhat.com/errata/RHSA-2019:1880 This issue is fixed in libcurl-7.29.0-51.el7_6.3.x86_64.rpm for RHEL/CentOS. Details: https://nvd.nist.gov/vuln/detail/CVE-2018-14618 https://curl.haxx.se/docs/CVE-2017-8816.html https://access.redhat.com/errata/RHSA-2019:1880 Closes-Bug: 1840771 Change-Id: Idb2237741e97abb63921a82b0f60213618230786 Signed-off-by: Long.Li --- centos-mirror-tools/rpms_centos.lst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/centos-mirror-tools/rpms_centos.lst b/centos-mirror-tools/rpms_centos.lst index dd52fe7a..4c842f7d 100644 --- a/centos-mirror-tools/rpms_centos.lst +++ b/centos-mirror-tools/rpms_centos.lst @@ -171,7 +171,7 @@ cryptsetup-libs-2.0.3-3.el7.x86_64.rpm ctags-5.8-13.el7.x86_64.rpm cups-client-1.6.3-35.el7.x86_64.rpm cups-libs-1.6.3-35.el7.x86_64.rpm -curl-7.29.0-51.el7.x86_64.rpm +curl-7.29.0-51.el7_6.3.x86_64.rpm cyrus-sasl-2.1.26-23.el7.x86_64.rpm cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm @@ -583,8 +583,8 @@ libcmocka-devel-1.1.3-1.el7.x86_64.rpm libcollection-0.7.0-32.el7.x86_64.rpm libconfig-1.4.9-5.el7.x86_64.rpm libcroco-0.6.12-4.el7.x86_64.rpm -libcurl-7.29.0-51.el7.x86_64.rpm -libcurl-devel-7.29.0-51.el7.x86_64.rpm +libcurl-7.29.0-51.el7_6.3.x86_64.rpm +libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm libdaemon-0.14-7.el7.x86_64.rpm libdb-5.3.21-24.el7.x86_64.rpm libdb-devel-5.3.21-24.el7.x86_64.rpm
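Review bot: The curl bump in the first hunk (-curl-7.29.0-51.el7.x86_64.rpm / +curl-7.29.0-51.el7_6.3.x86_64.rpm) is justified in the commit message by two different identifiers: the NVD link points at CVE-2018-14618, while the curl.haxx.se link points at CVE-2017-8816. Please state in the message which CVE the el7_6.3 build is being pulled in for, and drop or explain the other link, so the pinned version can be checked against the RHSA-2019:1880 advisory the message cites.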
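Review bot: The second hunk (libcurl and libcurl-devel moving to 7.29.0-51.el7_6.3) leaves open whether anything else in the mirror tooling still pins the old 7.29.0-51.el7 build. The diffstat shows only centos-mirror-tools/rpms_centos.lst changed, and the commit message names only the libcurl RPM as the fixed package although curl and libcurl-devel are bumped as well. Please confirm that no other package list references curl, libcurl or libcurl-devel at 7.29.0-51.el7, and list all three updated packages in the message so the change matches its description.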