diff options
author | Chong Lu <Chong.Lu@windriver.com> | 2014-10-24 16:26:41 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-11-04 10:19:56 +0000 |
commit | 985ef933208da1dd1f17645613ce08e6ad27e2c1 (patch) | |
tree | a68d9c92d2acd04de75a92fba9a47528b3bed623 /meta/recipes-support/curl/curl_7.37.1.bb | |
parent | 3576399ed163cb3136ee1a2077622035d2033158 (diff) | |
download | openembedded-core-contrib-985ef933208da1dd1f17645613ce08e6ad27e2c1.tar.gz |
curl: Security Advisory - curl - CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Diffstat (limited to 'meta/recipes-support/curl/curl_7.37.1.bb')
-rw-r--r-- | meta/recipes-support/curl/curl_7.37.1.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.37.1.bb b/meta/recipes-support/curl/curl_7.37.1.bb index 39ded80190..1147675b85 100644 --- a/meta/recipes-support/curl/curl_7.37.1.bb +++ b/meta/recipes-support/curl/curl_7.37.1.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=7;md5=3a34942f4ae3fbf1a303160714e66 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://pkgconfig_fix.patch \ + file://CVE-2014-3613.patch \ " # curl likes to set -g0 in CFLAGS, so we stop it |