[oe-commits] Chong Lu : curl: Security Advisory - curl - CVE-2014-3613
git at git.openembedded.org
git at git.openembedded.org
Tue Nov 4 12:01:01 UTC 2014
Module: openembedded-core.git
Branch: master-next
Commit: 985ef933208da1dd1f17645613ce08e6ad27e2c1
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=985ef933208da1dd1f17645613ce08e6ad27e2c1
Author: Chong Lu <Chong.Lu at windriver.com>
Date: Fri Oct 24 16:26:41 2014 +0800
curl: Security Advisory - curl - CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
Signed-off-by: Chong Lu <Chong.Lu at windriver.com>
---
meta/recipes-support/curl/curl/CVE-2014-3613.patch | 269 +++++++++++++++++++++
meta/recipes-support/curl/curl_7.37.1.bb | 1 +
2 files changed, 270 insertions(+)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=985ef933208da1dd1f17645613ce08e6ad27e2c1
More information about the Openembedded-commits
mailing list