curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-support/curl/curl_7.35.0.bb
author: Chong Lu <Chong.Lu@windriver.com> 2014-10-24 16:26:41 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-11-05 23:26:57 +0000
commit: dbbda31ca0a29c930f3078635ae7c5a41d933b58 (patch)
tree: 56dae75c98b7794e07d8bbf968853eab69dccca0 /meta/recipes-support/curl/curl_7.35.0.bb
parent: 606793e7b5c129654f317e5bec9ed7f083d3383d (diff)
download: openembedded-core-dbbda31ca0a29c930f3078635ae7c5a41d933b58.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb
index 6e670731fd..b1c68be69d 100644
--- a/meta/recipes-support/curl/curl_7.35.0.bb
+++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://pkgconfig_fix.patch \
            file://generate_code_for_disable_manual.patch \
            file://remove_inappropriate_file_from_rel.patch \
+           file://CVE-2014-3613.patch \
 "
 
 # curl likes to set -g0 in CFLAGS, so we stop it
author	Chong Lu <Chong.Lu@windriver.com>	2014-10-24 16:26:41 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-05 23:26:57 +0000
commit	dbbda31ca0a29c930f3078635ae7c5a41d933b58 (patch)
tree	56dae75c98b7794e07d8bbf968853eab69dccca0 /meta/recipes-support/curl/curl_7.35.0.bb
parent	606793e7b5c129654f317e5bec9ed7f083d3383d (diff)
download	openembedded-core-dbbda31ca0a29c930f3078635ae7c5a41d933b58.tar.gz