diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:26:20 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:26:20 +0200 |
commit | 430207c9cf87ca0a1e82fcb9915ad890a8e5720f (patch) | |
tree | f93b8269b7ccf0326c48b0b178e3d3583347aedb /meta/recipes-support/curl/curl_7.35.0.bb | |
parent | 9631f6b1399b24433ef577e9f87c0320700f3460 (diff) | |
download | poky-430207c9cf87ca0a1e82fcb9915ad890a8e5720f.tar.gz |
curl: CVE-2014-3707
CVE-2014-3707, libcurl duphandle read out of bounds
libcurl's function curl_easy_duphandle() has a bug
that can lead to libcurl eventually sending off
sensitive data that was not intended for sending.
Reference
http://curl.haxx.se/docs/adv_20141105.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-support/curl/curl_7.35.0.bb')
-rw-r--r-- | meta/recipes-support/curl/curl_7.35.0.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb index 3021dec11f..5fa7277449 100644 --- a/meta/recipes-support/curl/curl_7.35.0.bb +++ b/meta/recipes-support/curl/curl_7.35.0.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |||
13 | file://pkgconfig_fix.patch \ | 13 | file://pkgconfig_fix.patch \ |
14 | file://CVE-2014-3613.patch \ | 14 | file://CVE-2014-3613.patch \ |
15 | file://CVE-2014-3620.patch \ | 15 | file://CVE-2014-3620.patch \ |
16 | file://CVE-2014-3707.patch \ | ||
16 | " | 17 | " |
17 | 18 | ||
18 | # curl likes to set -g0 in CFLAGS, so we stop it | 19 | # curl likes to set -g0 in CFLAGS, so we stop it |