json-c: fix CVE-2021-32292 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Adrian Freihofer <adrian.freihofer@gmail.com>	2023-08-29 19:00:46 +0200
committer	Steve Sakoman <steve@sakoman.com>	2023-09-08 16:09:41 -1000
commit	d01be5cf8425c2255eeebaa2277c125441785022 (patch)
tree	5769ec1ceefdd55e12c3aa6d71acdd1758cb2fc6 /scripts/lib/devtool/upgrade.py
parent	be24e2265142fcfe8151811e165c151e948c1bff (diff)
download	poky-d01be5cf8425c2255eeebaa2277c125441785022.tar.gz

json-c: fix CVE-2021-32292

This is a read past end of buffer issue in the json_parse test app, which can happened with malformed json data. It's not an issue with the library itself. For what ever reason this CVE has a base score of 9.8. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-32292 Upstream issue: https://github.com/json-c/json-c/issues/654 The CVE is fixed with version 0.16 (which is already in all active branches of poky). (From OE-Core rev: a7b93651028b55d71b8db53ea831eee7fd539f33) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/upgrade.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: