summaryrefslogtreecommitdiffstats
path: root/meta/classes/devshell.bbclass
diff options
context:
space:
mode:
authorBhabu Bindu <bhabu.bindu@kpit.com>2023-05-29 17:02:46 +0530
committerSteve Sakoman <steve@sakoman.com>2023-06-01 16:24:07 -1000
commitb6c3cba355fd66ca4609abca4f273604d85aeabb (patch)
tree03c2b3c3ec1622455c408947a5d1c249740e8220 /meta/classes/devshell.bbclass
parent011b8b47588bc9c7b24fa009d170e91b188f094f (diff)
downloadpoky-b6c3cba355fd66ca4609abca4f273604d85aeabb.tar.gz
curl: Fix CVE-2023-28322
Add patches to fix CVE-2023-28322 more POST-after-PUT confusion When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.The problem exists in the logic for a reused handle when it is (expected tobe) changed from a PUT to a POST. CVE-2023-28322-1.patch is a supporting patch to resolve hunk error in the actual patch file : CVE-2023-28322-2.patch Link: https://curl.se/docs/CVE-2023-28322.html (From OE-Core rev: 9ef793eca87ac568d9c22067aa854a50837cf92f) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/classes/devshell.bbclass')
0 files changed, 0 insertions, 0 deletions