Re: [OE-core] [dunfell][PATCH v2] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Steve Sakoman
On Wed, Aug 4, 2021 at 9:42 AM Mike Crowe wrote:
>
> On Wednesday 04 August 2021 at 08:05:27 -1000, Steve Sakoman wrote:
> > On Wed, Aug 4, 2021 at 7:27 AM Steve Sakoman via
> > lists.openembedded.org
> > wrote:
> > >
> > > On Wed, Aug 4, 2021 at 7:06 AM Mike Crowe via lists.openembedded.org
> >

Re: [OE-core] [dunfell][PATCH v2] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Mike Crowe via lists.openembedded.org
On Wednesday 04 August 2021 at 08:05:27 -1000, Steve Sakoman wrote:
> On Wed, Aug 4, 2021 at 7:27 AM Steve Sakoman via
> lists.openembedded.org
> wrote:
> >
> > On Wed, Aug 4, 2021 at 7:06 AM Mike Crowe via lists.openembedded.org
> > wrote:
> > >
> > > curl v7.78 contained fixes for five CVEs:
>

Re: [OE-core] [dunfell][PATCH v2] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Steve Sakoman
On Wed, Aug 4, 2021 at 7:27 AM Steve Sakoman via lists.openembedded.org wrote:
>
> On Wed, Aug 4, 2021 at 7:06 AM Mike Crowe via lists.openembedded.org
> wrote:
> >
> > curl v7.78 contained fixes for five CVEs:
> >
> > CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support
> > for

Re: [OE-core] [dunfell][PATCH v2] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Steve Sakoman
On Wed, Aug 4, 2021 at 7:06 AM Mike Crowe via lists.openembedded.org wrote:
>
> curl v7.78 contained fixes for five CVEs:
>
> CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support
> for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink"
> so these fixes are

[OE-core] [dunfell][PATCH v2] curl: Fix CVE-2021-22924 and CVE-2021-22925

2021-08-04 Thread Mike Crowe via lists.openembedded.org
curl v7.78 contained fixes for five CVEs:

CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink" so these fixes are unnecessary.

CVE-2021-22926[3] only affects builds for MacOS.

CVE-2021-22924[4] and