diff options
| author | Bhabu Bindu <bhabu.bindu@kpit.com> | 2023-05-29 17:02:43 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-06-01 16:24:07 -1000 |
| commit | 8f3b0b8e9bbff522c1dd9f1507d71c82d228c46e (patch) | |
| tree | 3d7fa2c7c9fef6de8590dd45d364a1b3913bb43b /meta/classes/devshell.bbclass | |
| parent | 2afcf3e39f9016f590e597cee4b71166c982d58d (diff) | |
| download | poky-8f3b0b8e9bbff522c1dd9f1507d71c82d228c46e.tar.gz | |
curl: Fix CVE-2023-28319
Add patch to fix CVE-2023-28319
UAF in SSH sha256 fingerprint check
libcurl offers a feature to verify an SSH server's public key using
a SHA 256hash. When this check fails, libcurl would free the memory
for the fingerprintbefore it returns an error message containing the
(now freed) hash.
This flaw risks inserting sensitive heap-based data into the error
message that might be shown to users or otherwise get
leaked and revealed.
Link: https://curl.se/docs/CVE-2023-28319.html
(From OE-Core rev: f7d6751828683ac2adbf140e77dbf7454cfa8eb1)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/classes/devshell.bbclass')
0 files changed, 0 insertions, 0 deletions
