> -----Original Message----- > From: [email protected] > <[email protected]> On Behalf Of Benjamin Robin via > lists.openembedded.org > Sent: den 20 februari 2026 12:02 > To: [email protected] > Cc: [email protected]; [email protected]; > [email protected]; [email protected]; > [email protected]; Benjamin Robin (Schneider Electric) > <[email protected]>; Peter > Marko <[email protected]> > Subject: [OE-core] [PATCH 2/2] meta: in lz4 remove reference to rejected > CVE-2025-62813
Please use the recipe name as prefix, e.g.: lz4: Remove a reference to the rejected CVE-2025-62813 > > The CVE-2025-62813 is rejected so do not reference it anymore. > So keep the patch but without referencing the CVE identifier. > > The CVE database indicates the following reason: > This candidate was withdrawn by its CNA. Further investigation > showed that it was not a security issue. > > Signed-off-by: Benjamin Robin (Schneider Electric) > <[email protected]> > --- > .../lz4/lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} | 1 - > meta/recipes-support/lz4/lz4_1.10.0.bb | 2 > +- > 2 files changed, 1 insertion(+), 2 deletions(-) > > diff --git a/meta/recipes-support/lz4/lz4/CVE-2025-62813.patch > b/meta/recipes-support/lz4/lz4/fix-null-error-handling.patch > similarity index 99% > rename from meta/recipes-support/lz4/lz4/CVE-2025-62813.patch > rename to meta/recipes-support/lz4/lz4/fix-null-error-handling.patch > index 4fa0373ff778..1527cc759124 100644 > --- a/meta/recipes-support/lz4/lz4/CVE-2025-62813.patch > +++ b/meta/recipes-support/lz4/lz4/fix-null-error-handling.patch > @@ -4,7 +4,6 @@ Date: Mon, 31 Mar 2025 20:48:52 +0200 > Subject: [PATCH] fix(null) : improve error handlings when passing a null > pointer to some functions from lz4frame > > -CVE: CVE-2025-62813 > Upstream-Status: Backport > [https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82] > Signed-off-by: Peter Marko <[email protected]> > --- > diff --git a/meta/recipes-support/lz4/lz4_1.10.0.bb > b/meta/recipes-support/lz4/lz4_1.10.0.bb > index f2a86036b56a..fae5796c2b9a 100644 > --- a/meta/recipes-support/lz4/lz4_1.10.0.bb > +++ b/meta/recipes-support/lz4/lz4_1.10.0.bb > @@ -15,7 +15,7 @@ SRCREV = "ebb370ca83af193212df4dcbadcc5d87bc0de2f0" > SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ > file://reproducibility.patch \ > file://run-ptest \ > - file://CVE-2025-62813.patch \ > + file://fix-null-error-handling.patch \ > " > UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" > > > -- > 2.52.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231530): https://lists.openembedded.org/g/openembedded-core/message/231530 Mute This Topic: https://lists.openembedded.org/mt/117907958/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
