curl: fix CVE-2025-0167 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-04-22 11:48:15 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-04-28 08:18:53 -0700
commit	26b25ba6733c803a5331c48aebb267314fdab6c6 (patch)
tree	9ef2d2e6b251cf431cbbafa7385a70616a4973cc /scripts/lib/wic/plugins/source/bootimg-efi.py
parent	2e67952192f95cd7465c5c795e5d420aba8c9827 (diff)
download	poky-26b25ba6733c803a5331c48aebb267314fdab6c6.tar.gz

curl: fix CVE-2025-0167

When asked to use a `.netrc` file for credentials *and* to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-0167 Upstream patch: https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e (From OE-Core rev: b74dba43f2d6896245232373f2a9fdf07086a237) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/wic/plugins/source/bootimg-efi.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: