Skip to content

Commit

Permalink
libyaml: Amend CVE status as 'upstream-wontfix'
Browse files Browse the repository at this point in the history 
Use an existing defined CVE_CHECK_STATUSMAP key in
meta/lib/oe/cve_check.py in order to avoid following complaint from
BitBake:

  WARNING: libyaml-native-0.2.5-r0 do_create_spdx: Invalid detail "wontfix" for CVE_STATUS[CVE-2024-35328] = "wontfix: Upstream thinks there is no working code that is exploitable - yaml/libyaml#302", fallback to Unpatched

(From OE-Core rev: c66d9a2a0d197498fa21ee8ca51a4afb59f75473)

Signed-off-by: Niko Mauno <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
  • Loading branch information
@nikomauno @rpurdie
nikomauno authored and rpurdie committed Aug 1, 2024
1 parent 3ebb2ca commit f3479f7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion meta/recipes-support/libyaml/libyaml_0.2.5.bb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,6 @@ inherit autotools
DISABLE_STATIC:class-nativesdk = ""
DISABLE_STATIC:class-native = ""

CVE_STATUS[CVE-2024-35328] = "wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"

BBCLASSEXTEND = "native nativesdk"

0 comments on commit f3479f7

Please sign in to comment.