From: Andrej Valek <andrej.valek@siemens.com>
To: <openembedded-core@lists.openembedded.org>
Cc: Andrej Valek <andrej.valek@siemens.com>
Subject: [OE-core][dunfell][PATCH 2/2] curl: whitelists CVE-2022-42915, CVE-2022-42916 and CVE-2022-43551
Date: Fri, 10 Mar 2023 10:54:02 +0100 [thread overview]
Message-ID: <20230310095402.85948-2-andrej.valek@siemens.com> (raw)
In-Reply-To: <20230310095402.85948-1-andrej.valek@siemens.com>
All mentioned CVEs are related to HSTS check feature, which is not
implemented in version 7.69.1 .
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
meta/recipes-support/curl/curl_7.69.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 899daf8eac..ea36c0bd3d 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -56,6 +56,9 @@ CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-2021-229
# This CVE issue affects Windows only Hence whitelisting this CVE
CVE_CHECK_WHITELIST += "CVE-2021-22897"
+# HSTS check feature is not implemented
+CVE_CHECK_WHITELIST += "CVE-2022-42915 CVE-2022-42916 CVE-2022-43551"
+
inherit autotools pkgconfig binconfig multilib_header
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
--
2.39.2
next prev parent reply other threads:[~2023-03-10 9:54 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-09 15:15 curl Valek, Andrej
2023-03-09 15:24 ` curl Steve Sakoman
2023-03-10 9:54 ` [OE-core][dunfell][PATCH 1/2] curl: Fix CVE CVE-2022-43552 Andrej Valek
2023-03-10 9:54 ` Andrej Valek [this message]
2023-03-14 14:26 ` [OE-core][dunfell][PATCH 2/2] curl: whitelists CVE-2022-42915, CVE-2022-42916 and CVE-2022-43551 Steve Sakoman
[not found] ` <174C4F5C0F6A96A7.18998@lists.openembedded.org>
2023-03-14 14:39 ` Steve Sakoman
2023-03-14 15:07 ` Valek, Andrej
2023-03-14 15:09 ` Steve Sakoman
2023-03-10 12:45 ` [OE-core][dunfell][PATCH] curl: Fix CVE CVE-2021-22897 Andrej Valek
2023-03-10 13:09 ` Valek, Andrej
2023-03-10 14:40 ` Steve Sakoman
2023-03-10 14:49 ` Valek, Andrej
2023-03-10 14:56 ` Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-05-19 8:18 [OE-core][PATCH v4 1/3] cve-check: add option to add additional patched CVEs Andrej Valek
2023-06-12 11:57 ` [OE-core][dunfell][PATCH 2/2] curl: whitelists CVE-2022-42915, CVE-2022-42916 and CVE-2022-43551 Andrej Valek
2023-06-12 12:01 ` Valek, Andrej
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230310095402.85948-2-andrej.valek@siemens.com \
--to=andrej.valek@siemens.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox