From: Simone Weiß <[email protected]> This CVE affects google cloud services that utilize libcurl wrongly.
Signed-off-by: Simone Weiß <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 27ac7879711e7119b4ec8b190b0a9da5b3ede269) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-support/curl/curl_8.7.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index a2cee8ba23..5442d8d4fd 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -23,6 +23,7 @@ SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c65 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" +CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" inherit autotools pkgconfig binconfig multilib_header ptest -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203924): https://lists.openembedded.org/g/openembedded-core/message/203924 Mute This Topic: https://lists.openembedded.org/mt/108160997/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
