- The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f (Add str len check in config_sortlist to avoid stack overflow), fixes the CVE-2022-4904 instead of CVE-2022-4415 https://security-tracker.debian.org/tracker/CVE-2022-4904 - CVE-ID inside the CVE-2022-4904.patch is wrong in the OE commit[092e125f44f6] - Hence corrected the CVE-ID in CVE-2022-4904.patch
Signed-off-by: Shinu Chandran <[email protected]> --- meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch index 0a0e8f0b6..328075ca6 100644 --- a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch @@ -20,7 +20,7 @@ fixes #496 Fix By: @hopper-vul -CVE: CVE-2022-4415 +CVE: CVE-2022-4904 Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d] Signed-off-by: Peter Marko <[email protected]> -- 2.28.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188169): https://lists.openembedded.org/g/openembedded-core/message/188169 Mute This Topic: https://lists.openembedded.org/mt/101569059/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
