From e8be346c3a210a1b4da8b6943c5fe2e5556d29b9 Mon Sep 17 00:00:00 2001
From: Tudor Florea <tudor.florea@enea.com>
Date: Tue, 7 Jul 2015 00:27:49 +0200
Subject:  curl: CVE-2014-8150

CVE-2014-8150, URL request injection:

When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request
and sends if off.

Reference
http://curl.haxx.se/docs/adv_20150108B.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 meta/recipes-support/curl/curl_7.35.0.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-support/curl/curl_7.35.0.bb')

diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb
index 5fa7277449..3eb6265c42 100644
--- a/meta/recipes-support/curl/curl_7.35.0.bb
+++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2014-3613.patch \
            file://CVE-2014-3620.patch \
            file://CVE-2014-3707.patch \
+           file://CVE-2014-8150.patch \
 "
 
 # curl likes to set -g0 in CFLAGS, so we stop it
-- 
cgit v1.2.3-54-g00ecf