diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-24 13:19:30 +0530 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-12-30 07:08:14 +0530 |
| commit | 8a991e7e3cdbc9999f9e84f22c69f759d1ac8168 (patch) | |
| tree | b14e373befd15b4c511f26a0458550fd462c92d7 | |
| parent | 6593af3931c9678d49bf6877d6e9de924567e0ad (diff) | |
| download | meta-openembedded-8a991e7e3cdbc9999f9e84f22c69f759d1ac8168.tar.gz | |
libcoap: ignore CVE-2025-50518
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518
The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb6c928e322e26d358e8d01ba9d5af0a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
| -rw-r--r-- | meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb index 65bf455d9b..4f5a986858 100644 --- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb +++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb | |||
| @@ -62,3 +62,5 @@ PACKAGE_BEFORE_PN += "\ | |||
| 62 | 62 | ||
| 63 | FILES:${PN}-bin = "${bindir}" | 63 | FILES:${PN}-bin = "${bindir}" |
| 64 | FILES:${PN}-dev += "${datadir}/${BPN}/examples" | 64 | FILES:${PN}-dev += "${datadir}/${BPN}/examples" |
| 65 | |||
| 66 | CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly" | ||
