On Mon Jun 29, 2026 at 3:14 PM CEST, Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote: > From: Anil Dongare <[email protected]> > > - CVE-2026-5773 affects curl before 8.20.0 when an authenticated SMB > connection > can be reused for a different set of credentials. > - In wrynose, SMB support is available only through PACKAGECONFIG[smb] and is > not > enabled by default, so record this CVE as configuration-not-applicable for > the > default recipe configuration. > > Reference: > - https://curl.se/docs/CVE-2026-5773.html > - https://nvd.nist.gov/vuln/detail/CVE-2026-5773 > - > https://github.com/openembedded/openembedded-core/blob/wrynose/meta/recipes-support/curl/curl_8.19.0.bb > > Signed-off-by: Anil Dongare <[email protected]> > ---
Hello, Jaipaul Cheernam is working on fixing this CVE: https://lore.kernel.org/all/[email protected]/ I will hold your patch for now, maybe you can help Jaipaul get their patch merged? (like testing/review the future v4) Thanks! -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240099): https://lists.openembedded.org/g/openembedded-core/message/240099 Mute This Topic: https://lists.openembedded.org/mt/120029890/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
