yasm: fix CVE-2023-37732

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c
and /elf/elf.c, which allows the attacker to cause a denial of service via a
crafted file.

References:
https://github.com/yasm/yasm/issues/233
https://nvd.nist.gov/vuln/detail/CVE-2023-37732

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Soumya
2023-08-18 14:38:04 +00:00
committed by Khem Raj
parent 3f9e63e4dd
commit 76912f22d8
2 changed files with 42 additions and 0 deletions
@@ -13,6 +13,7 @@ SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a"
SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
file://0001-Do-not-use-AC_HEADER_STDC.patch \
file://CVE-2023-31975.patch \
file://CVE-2023-37732.patch \
"
S = "${WORKDIR}/git"