perl: Fix CVE-2023-31486 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya <soumya.sambu@windriver.com>	2023-07-18 03:06:36 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-07-21 11:52:26 +0100
commit	c80fafccafbfd1bf75d847d3ca05b444abf49495 (patch)
tree	c3837d3e6c29cd3ca8caa28c16a7df630a562122 /scripts/lib/scriptpath.py
parent	849b0dcebbae6d7f59c701fb2faeafdb8bd637e3 (diff)
download	poky-c80fafccafbfd1bf75d847d3ca05b444abf49495.tar.gz

perl: Fix CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31486 Upstream patches: https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d (From OE-Core rev: e021fcc420b15d96b32f77f2b38324651dbd454c) Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: