curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
author: Chong Lu <Chong.Lu@windriver.com> 2014-10-24 16:26:41 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-11-04 10:19:56 +0000
commit: 985ef933208da1dd1f17645613ce08e6ad27e2c1 (patch)
tree: a68d9c92d2acd04de75a92fba9a47528b3bed623 /meta/recipes-support/curl/curl_7.37.1.bb
parent: 3576399ed163cb3136ee1a2077622035d2033158 (diff)
download: openembedded-core-contrib-985ef933208da1dd1f17645613ce08e6ad27e2c1.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.37.1.bb b/meta/recipes-support/curl/curl_7.37.1.bb
index 39ded80190..1147675b85 100644
--- a/meta/recipes-support/curl/curl_7.37.1.bb
+++ b/meta/recipes-support/curl/curl_7.37.1.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=7;md5=3a34942f4ae3fbf1a303160714e66
 
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://pkgconfig_fix.patch \
+           file://CVE-2014-3613.patch \
 "
 
 # curl likes to set -g0 in CFLAGS, so we stop it
author	Chong Lu <Chong.Lu@windriver.com>	2014-10-24 16:26:41 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-04 10:19:56 +0000
commit	985ef933208da1dd1f17645613ce08e6ad27e2c1 (patch)
tree	a68d9c92d2acd04de75a92fba9a47528b3bed623 /meta/recipes-support/curl/curl_7.37.1.bb
parent	3576399ed163cb3136ee1a2077622035d2033158 (diff)
download	openembedded-core-contrib-985ef933208da1dd1f17645613ce08e6ad27e2c1.tar.gz