curl: Security Advisory - curl - CVE-2014-3613 - linux/poky.git

diff options

author	Tudor Florea <tudor.florea@enea.com>	2015-07-07 00:18:22 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2015-07-07 00:18:22 +0200
commit	35272ed55c848a63c2468b7ea1f0ddce64b4bd73 (patch)
tree	ad3ee02e085215806e5460a83b8fc67f3b3c928c /meta-yocto-bsp
parent	d3f677a56013b1706854b016cde4dd4c4bc281fd (diff)
download	poky-35272ed55c848a63c2468b7ea1f0ddce64b4bd73.tar.gz

curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1) (From OE-Core rev: dbbda31ca0a29c930f3078635ae7c5a41d933b58) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>

Diffstat (limited to 'meta-yocto-bsp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: