mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-11 09:49:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
212172aa139122668bc847ed012ecb8ec8d11acb
poky/meta
History
Praveen Kumar 212172aa13 go: Fix CVE-2024-45336 
The HTTP client drops sensitive headers after following a cross-domain redirect.
For example, a request to a.com/ containing an Authorization header which is redirected to
b.com/ will not send that header to b.com. In the event that the client received a subsequent
same-domain redirect, however, the sensitive headers would be restored. For example, a chain
of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the
Authorization header to b.com/2.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45336

Upstream-patch:
b72d56f98d

(From OE-Core rev: 63e84b64f055ad7c91de67194e6739c96fb95496)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-15 06:04:43 -08:00
..
classes
classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture
2025-01-24 07:49:28 -08:00
conf
gcc: upgrade to v11.5
2024-10-07 05:43:22 -07:00
files
toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
2024-11-27 06:27:26 -08:00
lib
oeqa/utils/gitarchive: Return tag name and improve exclude handling
2024-12-09 07:54:03 -08:00
recipes-bsp
grub: ignore CVE-2024-1048 and CVE-2023-4001
2024-12-09 07:54:03 -08:00
recipes-connectivity
openssl: patch CVE-2024-13176
2025-02-05 06:54:35 -08:00
recipes-core
glibc: stable 2.35 branch updates
2025-02-05 06:54:35 -08:00
recipes-devtools
go: Fix CVE-2024-45336
2025-02-15 06:04:43 -08:00
recipes-example/rust-hello-world
rustfmt: remove the recipe
2021-12-08 20:22:11 +00:00
recipes-extended
wget: fix CVE-2024-10524
2025-01-24 07:49:28 -08:00
recipes-gnome
gcr: Fix LICENSE
2024-09-16 06:09:56 -07:00
recipes-graphics
xwayland: patch CVE-2023-5380 CVE-2024-0229
2025-01-09 08:41:03 -08:00
recipes-kernel
linux-yocto/5.15: update to v5.15.175
2025-01-09 08:41:04 -08:00
recipes-multimedia
gstreamer1.0: ignore CVEs fixed in plugins recipes
2025-01-18 06:21:02 -08:00
recipes-rt
meta/recipes: python 3.12 regex
2024-03-01 05:19:54 -10:00
recipes-sato
webkitgtk: Security fix for CVE-2024-40776 and CVE-2024-40780
2025-01-09 08:41:03 -08:00
recipes-support
vte: fix CVE-2024-37535
2025-01-24 07:49:28 -08:00
site
ppc/siteinfo: Fix differences between musl and glibc
2022-03-15 08:40:09 +00:00
COPYING.MIT
recipes.txt
Remove LSB support
2019-08-29 14:05:12 +01:00