diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-08-18 20:10:37 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-08-22 07:07:19 -0700 |
| commit | bedb86690f169a9d097372e3c2c16cb911255344 (patch) | |
| tree | f89a97cfc517bb2527720250d8d99874f9fe9b5b | |
| parent | 6a6d768268480ca8754b8d7c57b7ad06d3ef463a (diff) | |
| download | poky-bedb86690f169a9d097372e3c2c16cb911255344.tar.gz | |
glib-2.0: ignore CVE-2025-4056
NVD report [1] says:
A flaw was found in GLib. A denial of service on **Windows platforms**
may occur if an application attempts to spawn a program using long
command lines.
The fix [3] (linked from [2]) also changes only files
glib/gspawn-win32-helper.c
glib/gspawn-win32.c
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668
[3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570
(From OE-Core rev: 8c69793deb78cf9718801825477938c22e229eca)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 8d2c452088..31b6c1fe98 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | |||
| @@ -97,3 +97,6 @@ def find_meson_cross_files(d): | |||
| 97 | python () { | 97 | python () { |
| 98 | find_meson_cross_files(d) | 98 | find_meson_cross_files(d) |
| 99 | } | 99 | } |
| 100 | |||
| 101 | # not-applicable-platform: Issue only applies on Windows | ||
| 102 | CVE_CHECK_IGNORE += "CVE-2025-4056" | ||