libyaml: Ignore CVE-2024-35325

This is similar CVE as the previous ones from the same author. https://github.com/yaml/libyaml/issues/303 explain why this is misuse (or wrong use) of libyaml. (From OE-Core rev: c97f00d122f60501751625e27b9c70166396d754) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2024-08-25 23:41:44 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-08-28 09:14:26 +0100
commit: cd25fc78d8707d4c4481f08c83f4d6bbed45b5a4 (patch)
tree: 45d6b38a26af5e84404bef09ab86d0d9239db1ac
parent: e91fe496fe2a6dd5ba87b8599e763322fa8d1b4e (diff)
download: poky-cd25fc78d8707d4c4481f08c83f4d6bbed45b5a4.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index 334d9113d2..aa7fc5e914 100644
--- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -18,6 +18,7 @@ inherit autotools
 DISABLE_STATIC:class-nativesdk = ""
 DISABLE_STATIC:class-native = ""
+CVE_STATUS[CVE-2024-35325] = "upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303"
 CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
 CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
author	Peter Marko <peter.marko@siemens.com>	2024-08-25 23:41:44 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-08-28 09:14:26 +0100
commit	cd25fc78d8707d4c4481f08c83f4d6bbed45b5a4 (patch)
tree	45d6b38a26af5e84404bef09ab86d0d9239db1ac
parent	e91fe496fe2a6dd5ba87b8599e763322fa8d1b4e (diff)
download	poky-cd25fc78d8707d4c4481f08c83f4d6bbed45b5a4.tar.gz

diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 334d9113d2..aa7fc5e914 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -18,6 +18,7 @@ inherit autotools
18	DISABLE_STATIC:class-nativesdk = ""	18	DISABLE_STATIC:class-nativesdk = ""
19	DISABLE_STATIC:class-native = ""	19	DISABLE_STATIC:class-native = ""
20		20
		21	CVE_STATUS[CVE-2024-35325] = "upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303"
21	CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"	22	CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
22	CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"	23	CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
23		24