From be2a2b5754480949975ca46e4d068301b3bb2f79 Mon Sep 17 00:00:00 2001 From: Archana Polampalli Date: Thu, 20 Jul 2023 11:35:41 +0000 Subject: yasm: fix CVE-2023-31975 yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31975 https://github.com/yasm/yasm/issues/210 Upstream patches: https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441 Signed-off-by: Archana Polampalli Signed-off-by: Khem Raj --- meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta-oe/recipes-devtools/yasm/yasm_git.bb') diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index 3dd382be1f..19686ff275 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -12,6 +12,7 @@ PV = "1.3.0+git${SRCPV}" SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://0001-Do-not-use-AC_HEADER_STDC.patch \ + file://CVE-2023-31975.patch \ " S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf