curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853) (From OE-Core rev: db194a3af25a37ff2d6f091ef021894967ca5910) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chong Lu <Chong.Lu@windriver.com> 2014-11-04 09:35:18 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-11-21 16:49:37 +0000
commit: 19750cac36cc2400adb13a5bd247f255d37adc10 (patch)
tree: 9955e5d0bae457ccd5f99afad6f7d0a64d875718 /meta/recipes-support/curl/curl_7.37.1.bb
parent: 5deb78802ae787e74d08f4cc326651575be2dc0b (diff)
download: poky-19750cac36cc2400adb13a5bd247f255d37adc10.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.37.1.bb b/meta/recipes-support/curl/curl_7.37.1.bb
index 1147675b85..8b854d7a8c 100644
--- a/meta/recipes-support/curl/curl_7.37.1.bb
+++ b/meta/recipes-support/curl/curl_7.37.1.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=7;md5=3a34942f4ae3fbf1a303160714e66
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://pkgconfig_fix.patch \
           file://CVE-2014-3613.patch \
+           file://CVE-2014-3620.patch \
 "
 # curl likes to set -g0 in CFLAGS, so we stop it
author	Chong Lu <Chong.Lu@windriver.com>	2014-11-04 09:35:18 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-21 16:49:37 +0000
commit	19750cac36cc2400adb13a5bd247f255d37adc10 (patch)
tree	9955e5d0bae457ccd5f99afad6f7d0a64d875718 /meta/recipes-support/curl/curl_7.37.1.bb
parent	5deb78802ae787e74d08f4cc326651575be2dc0b (diff)
download	poky-19750cac36cc2400adb13a5bd247f255d37adc10.tar.gz

diff --git a/meta/recipes-support/curl/curl_7.37.1.bb b/meta/recipes-support/curl/curl_7.37.1.bb index 1147675b85..8b854d7a8c 100644 --- a/meta/recipes-support/curl/curl_7.37.1.bb +++ b/meta/recipes-support/curl/curl_7.37.1.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=7;md5=3a34942f4ae3fbf1a303160714e66
8	SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \	8	SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
9	file://pkgconfig_fix.patch \	9	file://pkgconfig_fix.patch \
10	file://CVE-2014-3613.patch \	10	file://CVE-2014-3613.patch \
		11	file://CVE-2014-3620.patch \
11	"	12	"
12		13
13	# curl likes to set -g0 in CFLAGS, so we stop it	14	# curl likes to set -g0 in CFLAGS, so we stop it