]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 3576399) | patch
curl: Security Advisory - curl - CVE-2014-3613
authorChong Lu <Chong.Lu@windriver.com>
Fri, 24 Oct 2014 08:26:41 +0000 (16:26 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 4 Nov 2014 10:19:56 +0000 (10:19 +0000)
commit985ef933208da1dd1f17645613ce08e6ad27e2c1
treea68d9c92d2acd04de75a92fba9a47528b3bed623tree | snapshot
parent3576399ed163cb3136ee1a2077622035d2033158commit | diff
curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
meta/recipes-support/curl/curl/CVE-2014-3613.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.37.1.bb diff | blob | history
Mirror of the official openembedded-core repository