From: Peter Marko <[email protected]> Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] https://github.com/php-memcached-dev/php-memcached/issues/519 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 889ccce6848276fa68b3736b345552a533bc6bd2) Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE) Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-networking/recipes-support/memcached/memcached_1.6.15.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-networking/recipes-support/memcached/memcached_1.6.15.bb b/meta-networking/recipes-support/memcached/memcached_1.6.15.bb index b28bfe72b7..76e4768fb9 100644 --- a/meta-networking/recipes-support/memcached/memcached_1.6.15.bb +++ b/meta-networking/recipes-support/memcached/memcached_1.6.15.bb @@ -24,6 +24,9 @@ SRC_URI = "http://www.memcached.org/files/${BP}.tar.gz \ " SRC_URI[sha256sum] = "8d7abe3d649378edbba16f42ef1d66ca3f2ac075f2eb97145ce164388e6ed515" +# disputed: this is a problem of applications using php-memcached inproperly +CVE_CHECK_IGNORE = "CVE-2022-26635" + # set the same COMPATIBLE_HOST as libhugetlbfs COMPATIBLE_HOST = "(i.86|x86_64|powerpc|powerpc64|aarch64|arm).*-linux*"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123302): https://lists.openembedded.org/g/openembedded-devel/message/123302 Mute This Topic: https://lists.openembedded.org/mt/117174234/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
