]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: dbbda31) | patch
curl: Security Advisory - curl - CVE-2014-3620
authorChong Lu <Chong.Lu@windriver.com>
Tue, 4 Nov 2014 01:35:18 +0000 (09:35 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 5 Nov 2014 23:27:02 +0000 (23:27 +0000)
commit13bb2ee98cfd159455e459501dda280a78cb5a3b
treea39d52d8013354f44dc1071e793e6bf7c2b7d9a0tree | snapshot
parentdbbda31ca0a29c930f3078635ae7c5a41d933b58commit | diff
curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.

(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/curl/curl/CVE-2014-3620.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.35.0.bb diff | blob | history
Mirror of the official openembedded-core repository