Skip to content

Commit

Permalink
libyaml: ignore CVE-2024-35326
Browse files Browse the repository at this point in the history 
Source: poky
MR: 158190, 158532, 154825
Type: Security Fix
Disposition: Merged from poky
ChangeID: 0d356a4
Description:

This is the same problem as already ignored CVE-2024-35328.
See laso this comment in addition:
yaml/libyaml#298 (comment)

(From OE-Core rev: 18e011245dd978985eecc368c503822f61d52f21)

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Steve Sakoman <[email protected]>
Signed-off-by: Jeremy A. Puhlman <[email protected]>
  • Loading branch information
@petermarko @jpuhlman
petermarko authored and jpuhlman committed Sep 9, 2024
1 parent 14946be commit d88f074
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion meta/recipes-support/libyaml/libyaml_0.2.5.bb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,6 @@ DISABLE_STATIC:class-nativesdk = ""
DISABLE_STATIC:class-native = ""

# upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
CVE_CHECK_IGNORE += "CVE-2024-35328"
CVE_CHECK_IGNORE += "CVE-2024-35326 CVE-2024-35328"

BBCLASSEXTEND = "native nativesdk"

0 comments on commit d88f074

Please sign in to comment.