]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d850874) | patch
curl: Fix CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
authorKhairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Thu, 7 Jan 2021 08:51:05 +0000 (16:51 +0800)
committerAnuj Mittal <anuj.mittal@intel.com>
Thu, 14 Jan 2021 02:46:18 +0000 (10:46 +0800)
commitf1a0ea55c0ae2cce7f7c3c6c73f57c5b8222c860
treeed29af72839b318db9f2838fb4122c3aff621298tree | snapshot
parentd850874e865f2cb2417d520820c3c5288cae38c5commit | diff
curl: Fix CVE-2020-8284, CVE-2020-8285, CVE-2020-8286

Backport the CVE patches from upstream
https://github.com/curl/curl/commit/ec9cc725d598ac
https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7
https://github.com/curl/curl/commit/69a358f2186e04
https://github.com/curl/curl/commit/d9d01672785b.patch

0002-remove-void-protop-create-union-p.patch is added because the CVE-2020-8285 fix is
dependent on it.

CVE:
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286

Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl/CVE-2020-8284.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl/CVE-2020-8285.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl/CVE-2020-8286.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.72.0.bb diff | blob | history
Mirror of the official openembedded-core repository