libyaml: Ignore CVE-2024-35325

This is similar CVE as the previous ones from the same author. https://github.com/yaml/libyaml/issues/303 explain why this is misuse (or wrong use) of libyaml. (From OE-Core rev: f233c1b7d55fbc8c1968c105905462eed5c793e6) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2024-08-25 23:43:14 +0200
committer: Steve Sakoman <steve@sakoman.com> 2024-09-03 05:39:12 -0700
commit: 0504e13c02bd7815bb199e2be3f3d2e3260f32f0 (patch)
tree: 055fa45b56330f9dbc1b274fc3157418f82c5a30 /meta
parent: 8c533e92423a77efe3b5d1419ec69723d7e23146 (diff)
download: poky-0504e13c02bd7815bb199e2be3f3d2e3260f32f0.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index 334d9113d2..aa7fc5e914 100644
--- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -18,6 +18,7 @@ inherit autotools
 DISABLE_STATIC:class-nativesdk = ""
 DISABLE_STATIC:class-native = ""
+CVE_STATUS[CVE-2024-35325] = "upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303"
 CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
 CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
author	Peter Marko <peter.marko@siemens.com>	2024-08-25 23:43:14 +0200
committer	Steve Sakoman <steve@sakoman.com>	2024-09-03 05:39:12 -0700
commit	0504e13c02bd7815bb199e2be3f3d2e3260f32f0 (patch)
tree	055fa45b56330f9dbc1b274fc3157418f82c5a30 /meta
parent	8c533e92423a77efe3b5d1419ec69723d7e23146 (diff)
download	poky-0504e13c02bd7815bb199e2be3f3d2e3260f32f0.tar.gz

diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 334d9113d2..aa7fc5e914 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -18,6 +18,7 @@ inherit autotools
18	DISABLE_STATIC:class-nativesdk = ""	18	DISABLE_STATIC:class-nativesdk = ""
19	DISABLE_STATIC:class-native = ""	19	DISABLE_STATIC:class-native = ""
20		20
		21	CVE_STATUS[CVE-2024-35325] = "upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303"
21	CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"	22	CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
22	CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"	23	CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
23		24