]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d7a277b) | patch
curl: Security Advisory - curl - CVE-2014-3620
authorChong Lu <Chong.Lu@windriver.com>
Tue, 4 Nov 2014 01:35:18 +0000 (09:35 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 5 Nov 2014 16:49:31 +0000 (16:49 +0000)
commitddbaade8afbc9767583728bfdc220639203d6853
tree032ca740f0ef50c483cbb3397a4bcb1de0f20703tree | snapshot
parentd7a277b35bcc67050046c76fb70412101679a545commit | diff
curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
meta/recipes-support/curl/curl/CVE-2014-3620.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.37.1.bb diff | blob | history
Mirror of the official openembedded-core repository