curl: Ignore CVE-2024-32928

author Simone Weiß <simone.p.weiss@posteo.com>

Sun, 25 Aug 2024 11:52:34 +0000 (11:52 +0000)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Mon, 26 Aug 2024 09:39:31 +0000 (10:39 +0100)
author Simone Weiß <simone.p.weiss@posteo.com>
Sun, 25 Aug 2024 11:52:34 +0000 (11:52 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 26 Aug 2024 09:39:31 +0000 (10:39 +0100)
diff --git a/meta/recipes-support/curl/curl_8.9.1.bb b/meta/recipes-support/curl/curl_8.9.1.bb

index 4d96a4e03440f0ebe4c72768f90d8a41aba18273..745224929bff4ecacf9960fa4e6bd2521cd572a9 100644 (file)
--- a/meta/recipes-support/curl/curl_8.9.1.bb
+++ b/meta/recipes-support/curl/curl_8.9.1.bb
@@ -20,6 +20,7 @@ SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae59064
  
  # Curl has used many names over the years...
  CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
  
  inherit autotools pkgconfig binconfig multilib_header ptest
author	Simone Weiß <simone.p.weiss@posteo.com>
	Sun, 25 Aug 2024 11:52:34 +0000 (11:52 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 26 Aug 2024 09:39:31 +0000 (10:39 +0100)