This was sent by misstate, ignore it please.
Andrej
On Mon, 2023-06-12 at 13:57 +0200, Andrej Valek wrote:
> All mentioned CVEs are related to HSTS check feature, which is not
> implemented in version 7.69.1 .
>
> Signed-off-by: Andrej Valek <andrej.va...@siemens.com>
> ---
> meta/recipes-support/curl/curl_7.69.1.bb | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-
> support/curl/curl_7.69.1.bb
> index 899daf8eac..ea36c0bd3d 100644
> --- a/meta/recipes-support/curl/curl_7.69.1.bb
> +++ b/meta/recipes-support/curl/curl_7.69.1.bb
> @@ -56,6 +56,9 @@ CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-
> 2021-22926 CVE-2021-229
> # This CVE issue affects Windows only Hence whitelisting this CVE
> CVE_CHECK_WHITELIST += "CVE-2021-22897"
>
> +# HSTS check feature is not implemented
> +CVE_CHECK_WHITELIST += "CVE-2022-42915 CVE-2022-42916 CVE-2022-43551"
> +
> inherit autotools pkgconfig binconfig multilib_header
>
> PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls
> libidn proxy threaded-resolver verbose zlib"
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#182668):
https://lists.openembedded.org/g/openembedded-core/message/182668
Mute This Topic: https://lists.openembedded.org/mt/99481050/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
