curl: Backport CVE fixes - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Robert Joslyn <robert.joslyn@redrectangle.org>	2022-01-14 20:09:07 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-01-25 12:07:01 +0000
commit	8400410a4c9fc6abd3156c426ec4b3d5d9a0c60a (patch)
tree	ec3f8bb468cdd25ad1642356b64ca6b559bfa9fe /scripts/lib/wic/pluginbase.py
parent	6fac5cc9f37d9fc405ea948380581ce313d1d5c9 (diff)
download	poky-8400410a4c9fc6abd3156c426ec4b3d5d9a0c60a.tar.gz

curl: Backport CVE fixes

Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945, CVE-2021-22946, and CVE-2021-22947. * https://curl.se/docs/CVE-2021-22922.html * https://curl.se/docs/CVE-2021-22923.html * https://curl.se/docs/CVE-2021-22945.html * https://curl.se/docs/CVE-2021-22946.html * https://curl.se/docs/CVE-2021-22947.html 22922 and 22923 were fixed by upstream by simply removing metalink support in newer versions. These are mitigated in older versions by disabling metalink support, which was already done by the recipe, so whitelist these CVEs. 22945, 22946, and 22947 are backported with only trivial patch fuzz modifications. (From OE-Core rev: 705718cfe243e05e0975bad3b822666363ef55df) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/wic/pluginbase.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: