]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4ff3355) | patch
curl: Security Advisory - curl - CVE-2014-3613
authorChong Lu <Chong.Lu@windriver.com>
Fri, 24 Oct 2014 08:26:41 +0000 (16:26 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 21 Nov 2014 16:48:47 +0000 (16:48 +0000)
commit7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4
treedd043b319575aefabf76dc75080141c1e9dabef5tree | snapshot
parent4ff3355e4daf841c66fb78e88bf2d6e26d8f9cedcommit | diff
curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.

(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/curl/curl/CVE-2014-3613.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.37.1.bb diff | blob | history
Mirror of the official openembedded-core repository