diff options
| author | Bhabu Bindu <bhabu.bindu@kpit.com> | 2023-05-29 17:02:44 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-06-01 16:24:07 -1000 |
| commit | d68f782872c3159630bd3fd34bf942242686e49c (patch) | |
| tree | bf1efc78709caf74103c5352d50fd8b3b8a787ab /meta/classes/toolchain-scripts.bbclass | |
| parent | 8f3b0b8e9bbff522c1dd9f1507d71c82d228c46e (diff) | |
| download | poky-d68f782872c3159630bd3fd34bf942242686e49c.tar.gz | |
curl: Fix CVE-2023-28320
Add patch to fix CVE-2023-28320
siglongjmp race condition
libcurl provides several different backends for resolving host names,
selectedat build time. If it is built to use the synchronous resolver,
it allows nameresolves to time-out slow operations using `alarm()` and
`siglongjmp()`.
When doing this, libcurl used a global buffer that was not mutex
protected anda multi-threaded application might therefore
crash or otherwise misbehave.
Link: https://curl.se/docs/CVE-2023-28320.html
(From OE-Core rev: c761d822be5ffc4a88600fbd7282c469b1e9902a)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/classes/toolchain-scripts.bbclass')
0 files changed, 0 insertions, 0 deletions
