curl: fix CVE-2025-0167 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-07-08 14:27:29 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-14 08:37:40 -0700
commit	022d6ec767487a52fc479e25ebad11012df01474 (patch)
tree	56bbed17d31fd653077c779e1e73a360b13395d2 /meta/recipes-extended
parent	580a1571c4bc7341bd19b067b9e5a8bc4194b627 (diff)
download	poky-022d6ec767487a52fc479e25ebad11012df01474.tar.gz

curl: fix CVE-2025-0167

When asked to use a `.netrc` file for credentials *and* to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-0167 Upstream patch: https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb (From OE-Core rev: 7c5aee3066e4c8056d994cd50b26c18a16316c96) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-extended')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: