diff options
| author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:18:22 +0200 |
|---|---|---|
| committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:18:22 +0200 |
| commit | 35272ed55c848a63c2468b7ea1f0ddce64b4bd73 (patch) | |
| tree | ad3ee02e085215806e5460a83b8fc67f3b3c928c /meta/recipes-support/curl/curl_7.35.0.bb | |
| parent | d3f677a56013b1706854b016cde4dd4c4bc281fd (diff) | |
| download | poky-35272ed55c848a63c2468b7ea1f0ddce64b4bd73.tar.gz | |
curl: Security Advisory - curl - CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
(From OE-Core rev: dbbda31ca0a29c930f3078635ae7c5a41d933b58)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-support/curl/curl_7.35.0.bb')
| -rw-r--r-- | meta/recipes-support/curl/curl_7.35.0.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb index 9cc60c88f7..97f5ee38b5 100644 --- a/meta/recipes-support/curl/curl_7.35.0.bb +++ b/meta/recipes-support/curl/curl_7.35.0.bb | |||
| @@ -11,6 +11,7 @@ DEPENDS_class-nativesdk = "nativesdk-zlib" | |||
| 11 | 11 | ||
| 12 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | 12 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ |
| 13 | file://pkgconfig_fix.patch \ | 13 | file://pkgconfig_fix.patch \ |
| 14 | file://CVE-2014-3613.patch \ | ||
| 14 | " | 15 | " |
| 15 | 16 | ||
| 16 | # curl likes to set -g0 in CFLAGS, so we stop it | 17 | # curl likes to set -g0 in CFLAGS, so we stop it |