Openembedded Core Discussions
 help / color / mirror / Atom feed
From: "Yoann Congal" <yoann.congal@smile.fr>
To: <adongare@cisco.com>, <openembedded-core@lists.openembedded.org>
Cc: <xe-linux-external@cisco.com>
Subject: Re: [OE-core] [wrynose] [PATCH 3/6] curl: ignore CVE-2026-5773
Date: Fri, 03 Jul 2026 10:55:04 +0200	[thread overview]
Message-ID: <DJOT6ANHNV3F.1FEBM29Y1OF79@smile.fr> (raw)
In-Reply-To: <20260629131453.1077612-3-adongare@cisco.com>

On Mon Jun 29, 2026 at 3:14 PM CEST, Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
> From: Anil Dongare <adongare@cisco.com>
>
> - CVE-2026-5773 affects curl before 8.20.0 when an authenticated SMB connection
>   can be reused for a different set of credentials.
> - In wrynose, SMB support is available only through PACKAGECONFIG[smb] and is not
>   enabled by default, so record this CVE as configuration-not-applicable for the
>   default recipe configuration.
>
> Reference:
> - https://curl.se/docs/CVE-2026-5773.html
> - https://nvd.nist.gov/vuln/detail/CVE-2026-5773
> - https://github.com/openembedded/openembedded-core/blob/wrynose/meta/recipes-support/curl/curl_8.19.0.bb
>
> Signed-off-by: Anil Dongare <adongare@cisco.com>
> ---

Hello,

Jaipaul Cheernam is working on fixing this CVE:
https://lore.kernel.org/all/20260624075504.63472-1-jaipaul.cheernam@est.tech/
I will hold your patch for now, maybe you can help Jaipaul get their
patch merged? (like testing/review the future v4)

Thanks!
-- 
Yoann Congal
Smile ECS



  reply	other threads:[~2026-07-03  8:55 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-29 13:14 [OE-core] [wrynose] [PATCH 1/6] curl: ignore CVE-2026-4873 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 2/6] curl: fix CVE-2026-5545 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 3/6] curl: ignore CVE-2026-5773 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-07-03  8:55   ` Yoann Congal [this message]
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 4/6] curl: fix CVE-2026-6253 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 5/6] curl: fix CVE-2026-6429 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-07-03  9:38   ` Yoann Congal
2026-06-29 13:14 ` [OE-core] [wrynose] [PATCH 6/6] curl: fix CVE-2026-7168 Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DJOT6ANHNV3F.1FEBM29Y1OF79@smile.fr \
    --to=yoann.congal@smile.fr \
    --cc=adongare@cisco.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=xe-linux-external@cisco.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox