projects / scm / bb / tizen-distro.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab7b657) | patch
curl: Security Advisory - curl - CVE-2014-3620
authorChong Lu <Chong.Lu@windriver.com>
Tue, 4 Nov 2014 01:35:18 +0000 (09:35 +0800)
committerPatrick Ohly <patrick.ohly@intel.com>
Fri, 9 Jan 2015 17:18:39 +0000 (09:18 -0800)
commita08e871c17d54ac0891d4d68fd104efbd42529e5
tree88de8bd2eeeb34dfee1ed964fae4ec3fde15be2ctree | snapshot
parentab7b65717416e6d2bfa077c061a29fe1301813b2commit | diff
curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.

(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)

(From OE-Core rev: db194a3af25a37ff2d6f091ef021894967ca5910)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
meta/recipes-support/curl/curl/CVE-2014-3620.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl_7.37.1.bb diff | blob | history
Domain: SCM / BB;