[oe-commits] Chong Lu : curl: Security Advisory - curl - CVE-2014-3613
git at git.openembedded.org
git at git.openembedded.org
Wed Nov 5 23:28:40 UTC 2014
Module: openembedded-core.git
Branch: daisy
Commit: dbbda31ca0a29c930f3078635ae7c5a41d933b58
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=dbbda31ca0a29c930f3078635ae7c5a41d933b58
Author: Chong Lu <Chong.Lu at windriver.com>
Date: Fri Oct 24 16:26:41 2014 +0800
curl: Security Advisory - curl - CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
Signed-off-by: Chong Lu <Chong.Lu at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Conflicts:
meta/recipes-support/curl/curl_7.35.0.bb
---
meta/recipes-support/curl/curl/CVE-2014-3613.patch | 269 +++++++++++++++++++++
meta/recipes-support/curl/curl_7.35.0.bb | 1 +
2 files changed, 270 insertions(+)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=dbbda31ca0a29c930f3078635ae7c5a41d933b58
More information about the Openembedded-commits
mailing list