curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853) (From OE-Core rev: 13bb2ee98cfd159455e459501dda280a78cb5a3b) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Tudor Florea <tudor.florea@enea.com> 2015-07-07 00:23:37 +0200
committer: Tudor Florea <tudor.florea@enea.com> 2015-07-07 00:23:37 +0200
commit: 9631f6b1399b24433ef577e9f87c0320700f3460 (patch)
tree: 7165ac8cc44587788de6b818c2b8ffbfe97465a6 /meta/recipes-support/curl/curl_7.35.0.bb
parent: 35272ed55c848a63c2468b7ea1f0ddce64b4bd73 (diff)
download: poky-9631f6b1399b24433ef577e9f87c0320700f3460.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb
index 97f5ee38b5..3021dec11f 100644
--- a/meta/recipes-support/curl/curl_7.35.0.bb
+++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -12,6 +12,7 @@ DEPENDS_class-nativesdk = "nativesdk-zlib"
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://pkgconfig_fix.patch \
           file://CVE-2014-3613.patch \
+           file://CVE-2014-3620.patch \
 "
 # curl likes to set -g0 in CFLAGS, so we stop it
author	Tudor Florea <tudor.florea@enea.com>	2015-07-07 00:23:37 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2015-07-07 00:23:37 +0200
commit	9631f6b1399b24433ef577e9f87c0320700f3460 (patch)
tree	7165ac8cc44587788de6b818c2b8ffbfe97465a6 /meta/recipes-support/curl/curl_7.35.0.bb
parent	35272ed55c848a63c2468b7ea1f0ddce64b4bd73 (diff)
download	poky-9631f6b1399b24433ef577e9f87c0320700f3460.tar.gz

diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb index 97f5ee38b5..3021dec11f 100644 --- a/meta/recipes-support/curl/curl_7.35.0.bb +++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -12,6 +12,7 @@ DEPENDS_class-nativesdk = "nativesdk-zlib"
12	SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \	12	SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
13	file://pkgconfig_fix.patch \	13	file://pkgconfig_fix.patch \
14	file://CVE-2014-3613.patch \	14	file://CVE-2014-3613.patch \
		15	file://CVE-2014-3620.patch \
15	"	16	"
16		17
17	# curl likes to set -g0 in CFLAGS, so we stop it	18	# curl likes to set -g0 in CFLAGS, so we stop it