From: Peter Marko <[email protected]> This is open yet but seems to be disputed This has not yet been disputed officially
Based on: OE-Core rev: 4cba8ad405b1728afda3873f99ac88711ab85644 OE-Core rev: 7ec7384837f3e3fb68b25a6108ed7ec0f261a4aa OE-Core rev: c66d9a2a0d197498fa21ee8ca51a4afb59f75473 Squashed and converted to CVE_CHECK_IGNORE syntax Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-support/libyaml/libyaml_0.2.5.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 4cb5717ece..f7c29e7e0f 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb @@ -18,4 +18,7 @@ inherit autotools DISABLE_STATIC:class-nativesdk = "" DISABLE_STATIC:class-native = "" +# upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302 +CVE_CHECK_IGNORE += "CVE-2024-35328" + BBCLASSEXTEND = "native nativesdk" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203266): https://lists.openembedded.org/g/openembedded-core/message/203266 Mute This Topic: https://lists.openembedded.org/mt/107874794/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
