curl: Fix CVE-2021-22924 and CVE-2021-22925
curl v7.78 contained fixes for five CVEs: CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink" so these fixes are unnecessary. CVE-2021-22926[3] only affects builds for MacOS. CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close enough that the patch for CVE-2021-22924 applies without conflicts.. [1] https://curl.se/docs/CVE-2021-22922.html [2] https://curl.se/docs/CVE-2021-22923.html [3] https://curl.se/docs/CVE-2021-22926.html [4] https://curl.se/docs/CVE-2021-22924.html [5] https://curl.se/docs/CVE-2021-22925.html Signed-off-by:Mike Crowe <mac@mcrowe.com> Signed-off-by:
Loading
Please register or sign in to comment