diff options
Diffstat (limited to 'meta/recipes-core/glibc')
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.37.bb | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.37.bb b/meta/recipes-core/glibc/glibc_2.37.bb index 3387441cad..851aa612b1 100644 --- a/meta/recipes-core/glibc/glibc_2.37.bb +++ b/meta/recipes-core/glibc/glibc_2.37.bb | |||
@@ -4,18 +4,19 @@ require glibc-version.inc | |||
4 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 | 4 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 |
5 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 | 5 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 |
6 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 | 6 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 |
7 | # Upstream glibc maintainers dispute there is any issue and have no plans to address it further. | 7 | CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE" |
8 | # "this is being treated as a non-security bug and no real threat." | 8 | CVE_STATUS_RECIPE = "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" |
9 | CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" | 9 | CVE_STATUS_RECIPE[status] = "disputed: \ |
10 | Upstream glibc maintainers dispute there is any issue and have no plans to address it further. \ | ||
11 | this is being treated as a non-security bug and no real threat." | ||
10 | 12 | ||
11 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 | 13 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 |
12 | # Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow | ||
13 | # easier access for another. "ASLR bypass itself is not a vulnerability." | ||
14 | # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 | 14 | # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 |
15 | CVE_CHECK_IGNORE += "CVE-2019-1010025" | 15 | CVE_STATUS[CVE-2019-1010025] = "disputed: \ |
16 | Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ | ||
17 | easier access for another. 'ASLR bypass itself is not a vulnerability.'" | ||
16 | 18 | ||
17 | # This is integrated into the 2.37 branch as of 07b9521fc6 | 19 | CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6" |
18 | CVE_CHECK_IGNORE += "CVE-2023-25139" | ||
19 | 20 | ||
20 | DEPENDS += "gperf-native bison-native" | 21 | DEPENDS += "gperf-native bison-native" |
21 | 22 | ||