--- /dev/null
+From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 4 Oct 2016 16:59:38 +0200
+Subject: [PATCH] parsedate: handle cut off numbers better
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... and don't read outside of the given buffer!
+
+CVE-2016-8621
+
+bug: https://curl.haxx.se/docs/adv_20161102G.html
+Reported-by: Luật Nguyễn
+
+Upstream-Status: Backport
+https://curl.haxx.se/CVE-2016-8621.patch
+CVE: CVE-2016-8621
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+---
+ lib/parsedate.c | 12 +++++++-----
+ tests/data/test517 | 6 ++++++
+ tests/libtest/lib517.c | 8 +++++++-
+ 3 files changed, 20 insertions(+), 6 deletions(-)
+
+Index: curl-7.44.0/lib/parsedate.c
+===================================================================
+--- curl-7.44.0.orig/lib/parsedate.c
++++ curl-7.44.0/lib/parsedate.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -386,15 +386,17 @@ static int parsedate(const char *date, t
+ /* a digit */
+ int val;
+ char *end;
++ int len=0;
+ if((secnum == -1) &&
+- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
++ (3 == sscanf(date, "%02d:%02d:%02d%n",
++ &hournum, &minnum, &secnum, &len))) {
+ /* time stamp! */
+- date += 8;
++ date += len;
+ }
+ else if((secnum == -1) &&
+- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
++ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
+ /* time stamp without seconds */
+- date += 5;
++ date += len;
+ secnum = 0;
+ }
+ else {
+Index: curl-7.44.0/tests/data/test517
+===================================================================
+--- curl-7.44.0.orig/tests/data/test517
++++ curl-7.44.0/tests/data/test517
+@@ -116,6 +116,12 @@ nothing
+ 81: 20111323 12:34:56 => -1
+ 82: 20110623 12:34:79 => -1
+ 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
++84: 20110623 12:3 => 1308830580
++85: 20110623 1:3 => 1308790980
++86: 20110623 1:30 => 1308792600
++87: 20110623 12:12:3 => 1308831123
++88: 20110623 01:12:3 => 1308791523
++89: 20110623 01:99:30 => -1
+ </stdout>
+
+ # This test case previously tested an overflow case ("2094 Nov 6 =>
+Index: curl-7.44.0/tests/libtest/lib517.c
+===================================================================
+--- curl-7.44.0.orig/tests/libtest/lib517.c
++++ curl-7.44.0/tests/libtest/lib517.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -116,6 +116,12 @@ static const char * const dates[]={
+ "20111323 12:34:56",
+ "20110623 12:34:79",
+ "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
++ "20110623 12:3",
++ "20110623 1:3",
++ "20110623 1:30",
++ "20110623 12:12:3",
++ "20110623 01:12:3",
++ "20110623 01:99:30",
+ NULL
+ };
+
