curl: Fix CVE-2021-22946 and CVE-2021-22947, whitelist CVE-2021-22945 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Mike Crowe <mac@mcrowe.com>	2021-09-17 17:14:33 +0100
committer	Steve Sakoman <steve@sakoman.com>	2021-09-24 04:27:46 -1000
commit	b9b343704afc28a6182f699ef17943afacd482a8 (patch)
tree	6388bc09bf1aa17d51d267de46017522b51b7ffd /meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch
parent	ddcdb9baec74391844d5e3cf3c891d63d2eef865 (diff)
download	openembedded-core-contrib-b9b343704afc28a6182f699ef17943afacd482a8.tar.gz

curl: Fix CVE-2021-22946 and CVE-2021-22947, whitelist CVE-2021-22945

curl v7.79.0 contained fixes for three CVEs: The description of CVE-2021-22945[1] contains: > This flaw was introduced in commit 2522903b79 but since MQTT support > was marked 'experimental' then and not enabled in the build by default > until curl 7.73.0 (October 14, 2020) we count that as the first flawed > version. which I believe means that curl v7.69.1 is not vulnerable. curl v7.69.1 is vulnerable to both CVE-2021-22946[2] and CVE-22947[3]. These patches are from Ubuntu 20.04's curl 7.68.0 package. The patches applied without conflicts, but I used devtool to regenerate them to avoid fuzz warnings. [1] https://curl.se/docs/CVE-2021-22945.html [2] https://curl.se/docs/CVE-2021-22946.html [3] https://curl.se/docs/CVE-2021-22947.html Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: