[oe-commits] Chong Lu : curl: Security Advisory - curl - CVE-2014-3613
git at git.openembedded.org
git at git.openembedded.org
Fri Nov 21 16:51:28 UTC 2014
Module: openembedded-core.git
Branch: dizzy
Commit: 7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4
Author: Chong Lu <Chong.Lu at windriver.com>
Date: Fri Oct 24 16:26:41 2014 +0800
curl: Security Advisory - curl - CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
Signed-off-by: Chong Lu <Chong.Lu at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/recipes-support/curl/curl/CVE-2014-3613.patch | 269 +++++++++++++++++++++
meta/recipes-support/curl/curl_7.37.1.bb | 1 +
2 files changed, 270 insertions(+)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4
More information about the Openembedded-commits
mailing list