diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-08-18 20:10:48 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-08-22 05:59:55 -0700 |
| commit | 9c4fe6dac5c88a3ad488a4c131649bcb3ae170dd (patch) | |
| tree | a110c3a0509a43624e777105cf7317a500e3df6f | |
| parent | 819f151bed1827bb7bdf8823aad2a083e097c61a (diff) | |
| download | poky-9c4fe6dac5c88a3ad488a4c131649bcb3ae170dd.tar.gz | |
glib-2.0: ignore CVE-2025-4056
NVD report [1] says:
A flaw was found in GLib. A denial of service on **Windows platforms**
may occur if an application attempts to spawn a program using long
command lines.
The fix [3] (linked from [2]) also changes only files
glib/gspawn-win32-helper.c
glib/gspawn-win32.c
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668
[3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570
(From OE-Core rev: 5858567a9222d9fff6f0a282cf7c7bda4e19af57)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index e1a3b57270..53e0543045 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | |||
| @@ -66,3 +66,5 @@ def find_meson_cross_files(d): | |||
| 66 | python () { | 66 | python () { |
| 67 | find_meson_cross_files(d) | 67 | find_meson_cross_files(d) |
| 68 | } | 68 | } |
| 69 | |||
| 70 | CVE_STATUS[CVE-2025-4056] = "not-applicable-platform: Issue only applies on Windows" | ||