curl: Backport CVE fixes - openembedded-core

diff options

author	Robert Joslyn <robert.joslyn@redrectangle.org>	2022-01-14 20:09:07 -0800
committer	Anuj Mittal <anuj.mittal@intel.com>	2022-01-17 10:14:53 +0800
commit	705718cfe243e05e0975bad3b822666363ef55df (patch)
tree	ed6a5c9beb1e250505f88a2a8de0b00c9fef84f4 /scripts
parent	3ceee568313ea7cd3afe33df8119319644e12fa4 (diff)
download	openembedded-core-705718cfe243e05e0975bad3b822666363ef55df.tar.gz

curl: Backport CVE fixes

Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945, CVE-2021-22946, and CVE-2021-22947. * https://curl.se/docs/CVE-2021-22922.html * https://curl.se/docs/CVE-2021-22923.html * https://curl.se/docs/CVE-2021-22945.html * https://curl.se/docs/CVE-2021-22946.html * https://curl.se/docs/CVE-2021-22947.html 22922 and 22923 were fixed by upstream by simply removing metalink support in newer versions. These are mitigated in older versions by disabling metalink support, which was already done by the recipe, so whitelist these CVEs. 22945, 22946, and 22947 are backported with only trivial patch fuzz modifications. Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: