]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 7c4dfa6) | patch
curl: Security Advisory - curl - CVE-2014-3620
authorChong Lu <Chong.Lu@windriver.com>
Tue, 4 Nov 2014 01:35:18 +0000 (09:35 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 21 Nov 2014 16:48:56 +0000 (16:48 +0000)
commitdb194a3af25a37ff2d6f091ef021894967ca5910
treee736dcd0d04eb7cc3bc7f6f05f03f0a416f4ba25tree | snapshot
parent7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4commit | diff
curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.

(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/curl/curl/CVE-2014-3620.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.37.1.bb diff | blob | history
Mirror of the official openembedded-core repository