mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

curl: ignore CVE-2025-0725

Browse Source 
CVE-2025-0725 can only trigger for curl when using a runtime
zlib version 1.2.0.3 or older and scarthgap supports
zlib 1.3.1 version, hence ignore cve for scarthgap
https://curl.se/docs/CVE-2025-0725.html

(From OE-Core rev: 8c3b4a604b40260e7ca9575715dd8017e17d35c0)

Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Poonam Jadhav
2025-03-04 17:38:52 +05:30
committed by Steve Sakoman
parent d20a52f2fc
commit 84089ba7a8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/curl/curl_8.7.1.bb
+2
View File
@@ -27,6 +27,8 @@ SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c65
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
CVE_STATUS[CVE-2025-0725] = "not-applicable-config: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older"
inherit autotools pkgconfig binconfig multilib_header ptest
# Entropy source for random PACKAGECONFIG option