summaryrefslogtreecommitdiffstats
path: root/meta/classes/devshell.bbclass
diff options
context:
space:
mode:
authorBhabu Bindu <bhabu.bindu@kpit.com>2023-05-29 17:02:43 +0530
committerSteve Sakoman <steve@sakoman.com>2023-06-01 16:24:07 -1000
commit8f3b0b8e9bbff522c1dd9f1507d71c82d228c46e (patch)
tree3d7fa2c7c9fef6de8590dd45d364a1b3913bb43b /meta/classes/devshell.bbclass
parent2afcf3e39f9016f590e597cee4b71166c982d58d (diff)
downloadpoky-8f3b0b8e9bbff522c1dd9f1507d71c82d228c46e.tar.gz
curl: Fix CVE-2023-28319
Add patch to fix CVE-2023-28319 UAF in SSH sha256 fingerprint check libcurl offers a feature to verify an SSH server's public key using a SHA 256hash. When this check fails, libcurl would free the memory for the fingerprintbefore it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. Link: https://curl.se/docs/CVE-2023-28319.html (From OE-Core rev: f7d6751828683ac2adbf140e77dbf7454cfa8eb1) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/classes/devshell.bbclass')
0 files changed, 0 insertions, 0 deletions