Comment 4 for bug 1840771

Long.Li (long.li) wrote :

As we investigated,
the current libcurl version in StarlingX is libcurl-7.29.0-51.el7.x86_64.rpm.
Since curl before version 7.61.1 is vulnerable to a buffer overrun (we are within the vulnerable range),
we should update to version 7.61.1 or later.

But when we search upstream at the URL https://rpmfind.net/linux/rpm2html/search.php?query=libcurl&submit=Search+...&system=centos&arch=x86_64
we find that, for CentOS, libcurl-7.29.0-51.el7.x86_64.rpm is already the latest version.
So we don't have an upstream rpm package for StarlingX to upgrade to.

Shall we build the latest libcurl rpm from the source tarball ourselves,
or not update the curl version until upstream curl is upgraded to the latest version?
If anyone has any suggestions, please let me know.
