Skip to content

Commit

Permalink
libyaml: Ignore CVE-2024-35325
Browse files Browse the repository at this point in the history
This is similar CVE as the previous ones from the same author.
yaml/libyaml#303 explain why this is misuse
(or wrong use) of libyaml.

(From OE-Core rev: f233c1b7d55fbc8c1968c105905462eed5c793e6)

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Steve Sakoman <[email protected]>
  • Loading branch information
petermarko authored and sakoman committed Aug 30, 2024
1 parent bbf8a5b commit c501eb0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions meta/recipes-support/libyaml/libyaml_0.2.5.bb
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ inherit autotools
DISABLE_STATIC:class-nativesdk = ""
DISABLE_STATIC:class-native = ""

CVE_STATUS[CVE-2024-35325] = "upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303"
CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"

Expand Down

0 comments on commit c501eb0

Please sign in to comment.