All mentioned CVEs are related to HSTS check feature, which is not implemented in version 7.69.1 .
Signed-off-by: Andrej Valek <[email protected]> --- meta/recipes-support/curl/curl_7.69.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 899daf8eac..ea36c0bd3d 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -56,6 +56,9 @@ CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-2021-229 # This CVE issue affects Windows only Hence whitelisting this CVE CVE_CHECK_WHITELIST += "CVE-2021-22897" +# HSTS check feature is not implemented +CVE_CHECK_WHITELIST += "CVE-2022-42915 CVE-2022-42916 CVE-2022-43551" + inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" -- 2.39.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#182666): https://lists.openembedded.org/g/openembedded-core/message/182666 Mute This Topic: https://lists.openembedded.org/mt/99481050/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
