diff options
| author | Peter Marko <peter.marko@siemens.com> | 2024-08-25 23:44:13 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-09-04 05:57:57 -0700 |
| commit | da07e6ee3464ce85595ccea9a3d1863b5cf446b3 (patch) | |
| tree | af40f2ec9e59e6200228cda0535ecc542a7ef86f /meta | |
| parent | 2b5ca6638e1a490a1230bccdb34a95b43f3d253e (diff) | |
| download | poky-da07e6ee3464ce85595ccea9a3d1863b5cf446b3.tar.gz | |
libyaml: Ignore CVE-2024-35325
This is similar CVE as the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explain why this is misuse
(or wrong use) of libyaml.
(From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index e30dc5a43f..514c60779c 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb | |||
| @@ -20,5 +20,7 @@ DISABLE_STATIC:class-native = "" | |||
| 20 | 20 | ||
| 21 | # upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302 | 21 | # upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302 |
| 22 | CVE_CHECK_IGNORE += "CVE-2024-35326 CVE-2024-35328" | 22 | CVE_CHECK_IGNORE += "CVE-2024-35326 CVE-2024-35328" |
| 23 | # upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303 | ||
| 24 | CVE_CHECK_IGNORE += "CVE-2024-35325" | ||
| 23 | 25 | ||
| 24 | BBCLASSEXTEND = "native nativesdk" | 26 | BBCLASSEXTEND = "native nativesdk" |