libxml2: ignore CVE-2025-8732

The code maintainer disputes the CVE as the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958" (From OE-Core rev: 348ce728af1cea4f909de5c3597801b5612719e4) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Daniel Turull <daniel.turull@ericsson.com> 2025-08-19 12:47:24 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-08-22 05:59:55 -0700
commit: 3318b5eb4d479c1fbb8e6c1568c92362fe35521d (patch)
tree: 01a3f1ba958ee45f5267c0f905783bfcf348f6ae
parent: 9c4fe6dac5c88a3ad488a4c131649bcb3ae170dd (diff)
download: poky-3318b5eb4d479c1fbb8e6c1568c92362fe35521d.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb
index 078988286a..a155c3708e 100644
--- a/meta/recipes-core/libxml/libxml2_2.12.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb
@@ -32,6 +32,10 @@ SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be47223
 # Disputed as a security issue, but fixed in d39f780
 CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
+# Disputed as a security issue, if attempts to process an invalid file, it fails
+# https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
+CVE_STATUS[CVE-2025-8732] = "disputed: the code maintainer explains, that the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided.  https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
 BINCONFIG = "${bindir}/xml2-config"
 PACKAGECONFIG ??= "python \
author	Daniel Turull <daniel.turull@ericsson.com>	2025-08-19 12:47:24 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-08-22 05:59:55 -0700
commit	3318b5eb4d479c1fbb8e6c1568c92362fe35521d (patch)
tree	01a3f1ba958ee45f5267c0f905783bfcf348f6ae
parent	9c4fe6dac5c88a3ad488a4c131649bcb3ae170dd (diff)
download	poky-3318b5eb4d479c1fbb8e6c1568c92362fe35521d.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 078988286a..a155c3708e 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb
@@ -32,6 +32,10 @@ SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be47223
32	# Disputed as a security issue, but fixed in d39f780	32	# Disputed as a security issue, but fixed in d39f780
33	CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"	33	CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
34		34
		35	# Disputed as a security issue, if attempts to process an invalid file, it fails
		36	# https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
		37	CVE_STATUS[CVE-2025-8732] = "disputed: the code maintainer explains, that the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
		38
35	BINCONFIG = "${bindir}/xml2-config"	39	BINCONFIG = "${bindir}/xml2-config"
36		40
37	PACKAGECONFIG ??= "python \	41	PACKAGECONFIG ??= "python \