]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 8c42a95) | patch
wget: Security fix CVE-2017-6508
authorYi Zhao <yi.zhao@windriver.com>
Thu, 17 Aug 2017 07:40:30 +0000 (15:40 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 11 Sep 2017 21:15:51 +0000 (22:15 +0100)
commit03fbdba18b767be95c5fa13d72b52c16f8a77b52
tree7c1442e07bf9e89b55aa967699044624ab846e09tree | snapshot
parent8c42a9508bded870d1ac018e2cfa129772983c52commit | diff
wget: Security fix CVE-2017-6508

CVE-2017-6508: CRLF injection vulnerability in the url_parse function in
url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary
HTTP headers via CRLF sequences in the host subcomponent of a URL.

External References:
https://nvd.nist.gov/vuln/detail/CVE-2017-6508

Patch from:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4

(From OE-Core rev: 28404157e07a915d1445166df566c8838f2cce57)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/wget/wget/CVE-2017-6508.patch [new file with mode: 0644] blob
meta/recipes-extended/wget/wget_1.19.1.bb diff | blob | history
Mirror of the official openembedded-core repository