I was just made aware of this security advisory: https://curl.haxx.se/docs/adv_20160907.html I am want to make sure that the port maintainer sunpoet@FreeBSD.org is aware of it.
Affected versions: libcurl 7.19.6 to and including 7.50.1 Not affected versions: libcurl >= 7.50.2 There is an individual commit for this as well: https://github.com/curl/curl/commit/curl-7_50_2~32
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212677 for the update to 7.50.3, which, according to the changelog, fixes another CVE: https://curl.haxx.se/docs/adv_20160914.html
@Kurt Maybe re-open and block this by bug 212677
MFH not necessary, will be taken care of in bug 212677
Closed in dependent bug 212677, assign to committer that resolved