mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

curl: ignore CVE-2025-0725

Browse Source 
CVE-2025-0725 can only trigger for curl when using a runtime
zlib version 1.2.0.3 or older and kirkstone supports
zlib 1.2.11 version, hence ignore cve for kirkstone.

Reference:
https://curl.se/docs/CVE-2025-0725.html
https://git.openembedded.org/openembedded-core/commit/?h=scarthgap&id=8c3b4a604b40260e7ca9575715dd8017e17d35c0

(From OE-Core rev: 9077246122b1284e8b6430384cccaf6f0b6c80c3)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yogita Urade
2025-04-02 08:20:01 +00:00
committed by Steve Sakoman
parent d70d287a77
commit b5b884bc1a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/curl/curl_7.82.0.bb
+2
View File
@@ -73,6 +73,8 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
CVE_CHECK_IGNORE += "CVE-2023-42915" CVE_CHECK_IGNORE += "CVE-2023-42915"
# ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack # ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack
CVE_CHECK_IGNORE += "CVE-2024-32928" CVE_CHECK_IGNORE += "CVE-2024-32928"
# ignored: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older
CVE_CHECK_IGNORE += "CVE-2025-0725"
inherit autotools pkgconfig binconfig multilib_header inherit autotools pkgconfig binconfig multilib_header