diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-11-24 16:10:57 +0100 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2025-11-24 09:03:39 -0800 |
| commit | caa1447756ce8e6d34a8f292954ba2e2f924719e (patch) | |
| tree | f6dbd04b962b9855530f8000167820637b0bcb74 | |
| parent | 2c1493dea14363d0889f5d2b9e4a6adffaf25266 (diff) | |
| download | meta-openembedded-caa1447756ce8e6d34a8f292954ba2e2f924719e.tar.gz | |
tigervnc: ignore CVE-2014-8241
Details: https://nvd.nist.gov/vuln/detail/CVE-2014-8241
The vulnerability is about a potential null-pointer dereference, because
of a malloc result is not verified[1].
The vulnerable code has been refactored since completely[2], and the code isn't
present anymore in the codebase.
[1]: https://github.com/TigerVNC/tigervnc/issues/993#issuecomment-612874972 - attachment
[2]: https://github.com/TigerVNC/tigervnc/commit/b8a24f055f1a29886d8b18bb3f0902144dc5bd14
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb index dd4f79c314..d3159f8a88 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb | |||
| @@ -85,3 +85,5 @@ FILES:${PN} += " \ | |||
| 85 | " | 85 | " |
| 86 | 86 | ||
| 87 | SYSTEMD_SERVICE:${PN} = "vncserver@.service" | 87 | SYSTEMD_SERVICE:${PN} = "vncserver@.service" |
| 88 | |||
| 89 | CVE_STATUS[2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)" | ||