diff options
| author | Mikko Rapeli <mikko.rapeli@bmw.de> | 2021-01-05 12:18:20 +0200 | 
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-13 08:57:57 +0000 | 
| commit | b8d9f563e8f2653862c99a574522b422325b6357 (patch) | |
| tree | aeb45d5d76bdbe791ae5b00687ae980b6e1fe9ff /scripts/lib/wic/pluginbase.py | |
| parent | 65d47dddf58c31ecfbb3ac63966d49fc920fcb4a (diff) | |
| download | poky-b8d9f563e8f2653862c99a574522b422325b6357.tar.gz | |
glib-2.0: add patch for CVE-2020-35457
Upstream has disputed CVE-2020-35457 claiming it's not exploitable but
the patch is simple to add.
https://security-tracker.debian.org/tracker/CVE-2020-35457
"https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
https://gitlab.gnome.org/GNOME/glib/-/issues/2197
Upstream position is that it is not realistically a security issue."
For master branch this CVE is not reported by CVE checker:
NOTE: glib-2.0-2.66.4 is not vulnerable to CVE-2020-35457
(From OE-Core rev: 196d6a668fb44ac3f69d791d42d2eead285a758e)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/wic/pluginbase.py')
0 files changed, 0 insertions, 0 deletions
