mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-04 05:02:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

curl: Ignore CVE-2024-32928

Browse Source 
This CVE affects google cloud services that utilize libcurl wrongly.

(From OE-Core rev: 27ac7879711e7119b4ec8b190b0a9da5b3ede269)
Changed CVE ignore syntax

(From OE-Core rev: ad703de483258f459acc6a40385ad00a5182eb64)

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2024-08-26 18:54:02 +02:00
committed by Steve Sakoman
parent da07e6ee34
commit 1f5be803ee
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-support/curl/curl_7.82.0.bb
View File

@@ -68,6 +68,8 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
# This CVE reports that apple had to upgrade curl because of other already reported CVEs
CVE_CHECK_IGNORE += "CVE-2023-42915"
# ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack
CVE_CHECK_IGNORE += "CVE-2024-32928"
inherit autotools pkgconfig binconfig multilib_header