mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-19 15:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
26b25ba6733c803a5331c48aebb267314fdab6c6
poky/meta
History
Yogita Urade 26b25ba673 curl: fix CVE-2025-0167 
When asked to use a `.netrc` file for credentials *and* to
follow HTTP redirects, curl could leak the password used
for the first host to the followed-to host under certain
circumstances.

This flaw only manifests itself if the netrc file has a
`default` entry that omits both login and password. A
rare circumstance.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-0167

Upstream patch:
https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e

(From OE-Core rev: b74dba43f2d6896245232373f2a9fdf07086a237)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:53 -07:00
..
classes
cve-check.bbclass: Mitigate symlink related error
2025-03-15 06:40:08 -07:00
classes-global
sanity.bbclass: skip check_userns for non-local uid
2025-01-09 06:25:36 -08:00
classes-recipe
kernel-arch: add macro-prefix-map in KERNEL_CC
2025-04-01 09:08:43 -07:00
conf
yocto-uninative: Update to 4.7 for glibc 2.41
2025-04-07 06:34:44 -07:00
files
meta: Enable '-o pipefail' for the SDK installer
2025-03-05 06:03:47 -08:00
lib
patch.py: set commituser and commitemail for addNote
2025-04-16 06:41:24 -07:00
recipes-bsp
grub: patch CVE-2025-0678 and CVE-2025-1125
2025-03-15 06:40:08 -07:00
recipes-connectivity
openssl: rewrite ptest installation
2025-04-19 14:42:10 -07:00
recipes-core
build-appliance-image: Update to scarthgap head revision
2025-04-19 14:45:35 -07:00
recipes-devtools
binutils: patch CVE-2025-1182
2025-04-28 08:18:53 -07:00
recipes-extended
libarchive: upgrade 3.7.4 -> 3.7.9
2025-04-19 14:42:10 -07:00
recipes-gnome
gcr: Fix LICENSE
2024-09-19 05:11:35 -07:00
recipes-graphics
freetype: follow-up patch for CVE-2025-27363
2025-04-07 06:34:44 -07:00
recipes-kernel
linux-yocto/6.6: update to v6.6.84
2025-04-01 09:08:43 -07:00
recipes-multimedia
mpg123: upgrade 1.32.6 -> 1.32.10
2025-03-19 07:25:56 -07:00
recipes-rt
rt-tests: rt_bmark.py: fix TypeError
2024-08-06 19:11:18 -07:00
recipes-sato
puzzles: ignore three new CVEs for a different puzzles
2025-03-15 06:40:07 -07:00
recipes-support
curl: fix CVE-2025-0167
2025-04-28 08:18:53 -07:00
site
site: remove at-spi2-core values
2023-09-02 07:45:29 +01:00
COPYING.MIT
recipes.txt
Remove LSB support
2019-08-29 14:05:12 +01:00