libxml2: ignore disputed CVE-2023-45322

This CVE is a use-after-free which theoretically can be an exploit vector, but this UAF only occurs when malloc() fails. As it's unlikely that the user can orchestrate malloc() failures at just the place to break on _this_ malloc and not others it is disputed that this is actually a security issue. The underlying bug has been fixed, and will be incorporated into the next release. (From OE-Core rev: b93dd888b861aa6df97cd78b70fa9f757cfcdf61) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2023-10-23 18:38:19 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-26 15:29:34 +0100
commit: 01a5135980bcfb67fe721f144c8dd222fa2399b2 (patch)
tree: 374f89976a397e38ef77cd9002a7d6fb74983073 /meta/recipes-core/libxml
parent: 71bf3fcf0f529acc8c06962b29d7fe9f89707167 (diff)
download: poky-01a5135980bcfb67fe721f144c8dd222fa2399b2.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.11.5.bb b/meta/recipes-core/libxml/libxml2_2.11.5.bb
index 4cf6dd09a9..fc82912df2 100644
--- a/meta/recipes-core/libxml/libxml2_2.11.5.bb
+++ b/meta/recipes-core/libxml/libxml2_2.11.5.bb
@@ -21,6 +21,9 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
 SRC_URI[archive.sha256sum] = "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6"
 SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
+# Disputed as a security issue, but fixed in d39f780
+CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
 BINCONFIG = "${bindir}/xml2-config"
 PACKAGECONFIG ??= "python \
author	Ross Burton <ross.burton@arm.com>	2023-10-23 18:38:19 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-10-26 15:29:34 +0100
commit	01a5135980bcfb67fe721f144c8dd222fa2399b2 (patch)
tree	374f89976a397e38ef77cd9002a7d6fb74983073 /meta/recipes-core/libxml
parent	71bf3fcf0f529acc8c06962b29d7fe9f89707167 (diff)
download	poky-01a5135980bcfb67fe721f144c8dd222fa2399b2.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2_2.11.5.bb b/meta/recipes-core/libxml/libxml2_2.11.5.bb index 4cf6dd09a9..fc82912df2 100644 --- a/meta/recipes-core/libxml/libxml2_2.11.5.bb +++ b/meta/recipes-core/libxml/libxml2_2.11.5.bb
@@ -21,6 +21,9 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
21	SRC_URI[archive.sha256sum] = "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6"	21	SRC_URI[archive.sha256sum] = "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6"
22	SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"	22	SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
23		23
		24	# Disputed as a security issue, but fixed in d39f780
		25	CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
		26
24	BINCONFIG = "${bindir}/xml2-config"	27	BINCONFIG = "${bindir}/xml2-config"
25		28
26	PACKAGECONFIG ??= "python \	29	PACKAGECONFIG ??= "python \