diff mbox series

curl: Ignore CVE-2024-32928

Message ID 20240825115234.58306-1-simone.p.weiss@posteo.com
State Accepted, archived
Commit 27ac7879711e7119b4ec8b190b0a9da5b3ede269
Headers show
Series curl: Ignore CVE-2024-32928 | expand

Commit Message

Simone Weiß Aug. 25, 2024, 11:52 a.m. UTC 
From: Simone Weiß <simone.p.weiss@posteo.com>

This CVE affects google cloud services that utilize libcurl wrongly.

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
---
 meta/recipes-support/curl/curl_8.9.1.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta/recipes-support/curl/curl_8.9.1.bb b/meta/recipes-support/curl/curl_8.9.1.bb
index 4d96a4e034..745224929b 100644
--- a/meta/recipes-support/curl/curl_8.9.1.bb
+++ b/meta/recipes-support/curl/curl_8.9.1.bb
@@ -20,6 +20,7 @@  SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae59064
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
 
 inherit autotools pkgconfig binconfig multilib_header ptest