Re: [OE-core] [dunfell][PATCH] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Steve Sakoman
On Wed, Aug 4, 2021 at 7:06 AM Mike Crowe wrote: > > On Wednesday 04 August 2021 at 06:44:51 -1000, Steve Sakoman wrote: > > On Tue, Aug 3, 2021 at 10:11 PM Mike Crowe via lists.openembedded.org > > wrote: > > > > > > curl v7.78 contained fixes for five CVEs: > > > > > > CVE-2021-22922 and CVE-20

Re: [OE-core] [dunfell][PATCH] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Mike Crowe via lists.openembedded.org
On Wednesday 04 August 2021 at 06:44:51 -1000, Steve Sakoman wrote: > On Tue, Aug 3, 2021 at 10:11 PM Mike Crowe via lists.openembedded.org > wrote: > > > > curl v7.78 contained fixes for five CVEs: > > > > CVE-2021-22922 and CVE-2021-22923 are only present when support for > > metalink is enabled

Re: [OE-core] [dunfell][PATCH] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Steve Sakoman
On Tue, Aug 3, 2021 at 10:11 PM Mike Crowe via lists.openembedded.org wrote: > > curl v7.78 contained fixes for five CVEs: > > CVE-2021-22922 and CVE-2021-22923 are only present when support for > metalink is enabled. EXTRA_OECONF contains "--without-libmetalink" so > these fixes are unnecessary.

[OE-core] [dunfell][PATCH] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Mike Crowe via lists.openembedded.org
curl v7.78 contained fixes for five CVEs: CVE-2021-22922 and CVE-2021-22923 are only present when support for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink" so these fixes are unnecessary. CVE-2021-22926 only affects builds for MacOS. CVE-2021-22924 and CVE-2021-22925 are bot