From: Richard Purdie <[email protected]> We have libxml2 2.9.10 and we don't link statically against libxml2 anyway so the CVE doesn't apply to libxslt.
(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c) Signed-off-by: Omkar Patil <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0) --- meta/recipes-support/libxslt/libxslt_1.1.34.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-support/libxslt/libxslt_1.1.34.bb b/meta/recipes-support/libxslt/libxslt_1.1.34.bb index 62afec5755..4755677bec 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.34.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.34.bb @@ -22,6 +22,10 @@ SRC_URI[sha256sum] = "98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" +# We have libxml2 2.9.10 and we don't link statically with it anyway +# so this isn't an issue. +CVE_CHECK_WHITELIST += "CVE-2022-29824" + S = "${WORKDIR}/libxslt-${PV}" BINCONFIG = "${bindir}/xslt-config" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166519): https://lists.openembedded.org/g/openembedded-core/message/166519 Mute This Topic: https://lists.openembedded.org/mt/91519570/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
