From 27ac7879711e7119b4ec8b190b0a9da5b3ede269 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Simone=20Wei=C3=9F?= Date: Sun, 25 Aug 2024 11:52:34 +0000 Subject: [PATCH] curl: Ignore CVE-2024-32928 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This CVE affects google cloud services that utilize libcurl wrongly. Signed-off-by: Simone Weiß Signed-off-by: Richard Purdie --- meta/recipes-support/curl/curl_8.9.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-support/curl/curl_8.9.1.bb b/meta/recipes-support/curl/curl_8.9.1.bb index 4d96a4e0344..745224929bf 100644 --- a/meta/recipes-support/curl/curl_8.9.1.bb +++ b/meta/recipes-support/curl/curl_8.9.1.bb @@ -20,6 +20,7 @@ SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae59064 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" +CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" inherit autotools pkgconfig binconfig multilib_header ptest -- 2.47.2