git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Armin Kuster <akuster@mvista.com>
	Thu, 7 Jan 2021 11:55:46 +0000 (17:25 +0530)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Thu, 29 Apr 2021 03:57:07 +0000 (11:57 +0800)
commit	524870aad285debb67f6cd134b6465a06738906e
tree	78aea95481205bb44120e21bb3f336aca3a70428	tree
parent	9bfaa690e030362e31eacf45a9023991fe372c23	commit \| diff

curl: Security fixes for CVE-2020-{8169/8177}

Source: https://curl.haxx.se/
MR: 104472, 104458
Type: Security Fix
Disposition: Backport from https://github.com/curl/curl/commit/{600a8cded447cd/8236aba58542c5f}
ChangeID: 1300924f7a64b22375b4326daeef0b686481e30c
Description:

- Affected versions: curl 7.20.0 to and including 7.70.0
- Not affected versions: curl < 7.20.0 and curl >= 7.71.0

Fixes both CVE-2020-8169 and CVE-2020-8177

(From OE-Core rev: f42702baee57ab3d1b7ab7833e72c7d56ad4ee94)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sana Kazi <sanak@kpit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta/recipes-support/curl/curl/CVE-2020-8169.patch	[new file with mode: 0644]	blob
meta/recipes-support/curl/curl/CVE-2020-8177.patch	[new file with mode: 0644]	blob
meta/recipes-support/curl/curl_7.66.0.bb		diff \| blob \| blame \| history