sassc: ignore CVE-2022-43357 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Peter Marko <peter.marko@siemens.com>	2026-03-05 17:28:05 +0100
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-03-24 08:52:05 +0530
commit	ada8211493388476677d61ffee32464c1cebf35f (patch)
tree	7973268cbf73133ce54e907464964af3e9853d4b /meta-python/recipes-devtools/python/python3-smbus
parent	604a54d74264cda4d0bb000a8af996956f54e9c7 (diff)
download	meta-openembedded-ada8211493388476677d61ffee32464c1cebf35f.tar.gz

sassc: ignore CVE-2022-43357

This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] https://github.com/sass/libsass/issues/3177 [3] https://github.com/sass/libsass/pull/3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 576b84263bac4dda26d84d116a9e7628a126f866) Scarthgap has also the fixed libsass version (3.6.6), the CVE can be considered fixed. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-smbus')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: