yasm: fix CVE-2023-37732

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c
and /elf/elf.c, which allows the attacker to cause a denial of service via a
crafted file.

References:
https://github.com/yasm/yasm/issues/233
https://nvd.nist.gov/vuln/detail/CVE-2023-37732

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 41fffef6b0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Soumya
2023-08-18 14:38:04 +00:00
committed by Armin Kuster
parent 402affcc07
commit 7f5ded2c88
2 changed files with 42 additions and 0 deletions
@@ -12,6 +12,7 @@ SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a"
SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
file://0001-Do-not-use-AC_HEADER_STDC.patch \
file://CVE-2023-31975.patch \
file://CVE-2023-37732.patch \
"
S = "${WORKDIR}/git"