path: root/meta/recipes-support
Commit message | Author | Age | Files | Lines
* gnutls: CVE-2015-0282 | Sona Sarmadi | 2015-09-09 | 2 | -0/+488
  Fixes RSA PKCS#1 signature verification forgery
  References
  http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282
  https://www.debian.org/security/2015/dsa-3191
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* curl: CVE-2014-8150 | Tudor Florea | 2015-07-07 | 2 | -0/+37
  CVE-2014-8150, URL request injection:
  When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off.
  Reference
  http://curl.haxx.se/docs/adv_20150108B.html
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: CVE-2014-3707 | Tudor Florea | 2015-07-07 | 2 | -0/+403
  CVE-2014-3707, libcurl duphandle read out of bounds
  libcurl's function curl_easy_duphandle() has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending.
  Reference
  http://curl.haxx.se/docs/adv_20141105.html
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: Security Advisory - curl - CVE-2014-3620 | Tudor Florea | 2015-07-07 | 2 | -0/+70
  libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
  (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
  (From OE-Core rev: 13bb2ee98cfd159455e459501dda280a78cb5a3b)
  Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: Security Advisory - curl - CVE-2014-3613 | Tudor Florea | 2015-07-07 | 2 | -0/+270
  By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others.
  (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
  (From OE-Core rev: dbbda31ca0a29c930f3078635ae7c5a41d933b58)
  Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* gnutls: patch for CVE-2014-3466 backported | Valentin Popa | 2015-07-06 | 2 | -0/+31
  Backported patch for CVE-2014-3466.
  This patch is for daisy.
  (From OE-Core rev: ca2773b19db4881abe5244c373d94ff05cd2684f)
  Signed-off-by: Valentin Popa <valentin.popa@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* initial commit for Enea Linux 4.0 | Adrian Dudau | 2014-06-26 | 219 | -0/+15468
  Migrated from the internal git server on the daisy-enea branch
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>