From: "Yoann Congal" <yoann.congal@smile.fr>
To: <adongare@cisco.com>, <openembedded-core@lists.openembedded.org>
Cc: <xe-linux-external@cisco.com>
Subject: Re: [OE-core] [wrynose] [PATCH 3/6] curl: ignore CVE-2026-5773
Date: Fri, 03 Jul 2026 10:55:04 +0200 [thread overview]
Message-ID: <DJOT6ANHNV3F.1FEBM29Y1OF79@smile.fr> (raw)
In-Reply-To: <20260629131453.1077612-3-adongare@cisco.com>
On Mon Jun 29, 2026 at 3:14 PM CEST, Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
> From: Anil Dongare <adongare@cisco.com>
>
> - CVE-2026-5773 affects curl before 8.20.0 when an authenticated SMB connection
> can be reused for a different set of credentials.
> - In wrynose, SMB support is available only through PACKAGECONFIG[smb] and is not
> enabled by default, so record this CVE as configuration-not-applicable for the
> default recipe configuration.
>
> Reference:
> - https://curl.se/docs/CVE-2026-5773.html
> - https://nvd.nist.gov/vuln/detail/CVE-2026-5773
> - https://github.com/openembedded/openembedded-core/blob/wrynose/meta/recipes-support/curl/curl_8.19.0.bb
>
> Signed-off-by: Anil Dongare <adongare@cisco.com>
> ---
Hello,
Jaipaul Cheernam is working on fixing this CVE:
https://lore.kernel.org/all/20260624075504.63472-1-jaipaul.cheernam@est.tech/
I will hold your patch for now, maybe you can help Jaipaul get their
patch merged? (like testing/review the future v4)
Thanks!
--
Yoann Congal
Smile ECS
next prev parent reply other threads:[~2026-07-03 8:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-29 13:14 [OE-core] [wrynose] [PATCH 1/6] curl: ignore CVE-2026-4873 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 2/6] curl: fix CVE-2026-5545 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 3/6] curl: ignore CVE-2026-5773 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-07-03 8:55 ` Yoann Congal [this message]
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 4/6] curl: fix CVE-2026-6253 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 5/6] curl: fix CVE-2026-6429 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-07-03 9:38 ` Yoann Congal
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 6/6] curl: fix CVE-2026-7168 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DJOT6ANHNV3F.1FEBM29Y1OF79@smile.fr \
--to=yoann.congal@smile.fr \
--cc=adongare@cisco.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=xe-linux-external@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox