public inbox for openembedded-core@lists.openembedded.org
From: "Mike Crowe" <yocto@mac.mcrowe.com>
To: Steve Sakoman <steve@sakoman.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][dunfell 07/33] curl: Fix CVE-2021-22924 and CVE-2021-22925
Date: Fri, 6 Aug 2021 17:12:29 +0100
Message-ID: <20210806161229.GA16017@mcrowe.com>
In-Reply-To: <3631da82b3542df1c1e4bbd499fc2dbe67f5f3ec.1628176985.git.steve@sakoman.com>

On Thursday 05 August 2021 at 05:33:44 -1000, Steve Sakoman wrote:
> From: Mike Crowe <mac@mcrowe.com>
> 
> curl v7.78 contained fixes for five CVEs:
> 
> CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support
> for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink"
> so these fixes are unnecessary.
> 
> CVE-2021-22926[3] only affects builds for MacOS.
> 
> CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the
> patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close
> enough that the patch for CVE-2021-22924 applies without conflicts.

Now that you've added back the "== 2", I believe the final sentence is now
true for both patches. That may not be worth worrying about.

> 
> [1] https://curl.se/docs/CVE-2021-22922.html
> [2] https://curl.se/docs/CVE-2021-22923.html
> [3] https://curl.se/docs/CVE-2021-22926.html
> [4] https://curl.se/docs/CVE-2021-22924.html
> [5] https://curl.se/docs/CVE-2021-22925.html
> 
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Mike.

