mirror of
https://git.yoctoproject.org/poky
synced 2026-07-16 15:57:04 +00:00
curl: ignore CVE-2025-4947 and CVE-2025-5025
These CVEs are for integration with WolfSSL which is not supported by this recipe. Ignore it if openssl packageconfig is enabled as it was done also in scarthgap branch. (From OE-Core rev: 93ae0758ef35031c21a29f84e5481d99c218a232) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
committed by
Steve Sakoman
parent
b7460a996b
commit
9fd2537a3f
@@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7
|
||||
# Curl has used many names over the years...
|
||||
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
|
||||
CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
|
||||
CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
|
||||
CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
|
||||
|
||||
inherit autotools pkgconfig binconfig multilib_header ptest
|
||||
|
||||
|
||||
Reference in New Issue
Block a user