perl: Fix CVE-2023-31486 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya <soumya.sambu@windriver.com>	2023-07-14 03:21:39 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-07-21 06:27:34 -1000
commit	80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8 (patch)
tree	9be93df735f59759b1a0dca2199b34eda881be16 /scripts/lib/devtool/build_sdk.py
parent	471318ae2f6b3c142822001f4a18e2fed8c78f1a (diff)
download	poky-80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8.tar.gz

perl: Fix CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31486 Upstream patches: https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d (From OE-Core rev: 5819c839e1de92ab7669a0d4997886d0306c4cc1) Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build_sdk.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: