protobuf 4.25.8: Mark CVE-2024-7254 as patched

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-7254
Type: Security Fix
CVE: CVE-2024-7254
Score: 8.7
Patch: https://github.com/protocolbuffers/protobuf/commit/850fcce9176e

Analysis:
The original fix [1] for CVE-2024-7254 is listed in the NVD security
tracker (https://nvd.nist.gov/vuln/detail/CVE-2024-7254) and was
subsequently backported to the v4.25.8 version via commit [2].
Hence, this CVE is considered patched in the current source.

Reference:
[1] https://github.com/protocolbuffers/protobuf/commit/cc8b3483a558
[2] https://github.com/protocolbuffers/protobuf/commit/850fcce9176e (v4.25.8)

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Deepak Rathore
2025-09-08 12:31:02 +05:30
committed by Anuj Mittal
parent 10fc221938
commit b9fb6556a3
@@ -21,6 +21,8 @@ SRC_URI:append:mipsel:toolchain-clang = " file://0001-Fix-build-on-mips-clang.pa
S = "${WORKDIR}/git"
CVE_STATUS[CVE-2024-7254] = "fixed-version: The vulnerability has been addressed and the fix is included in version v4.25.8"
inherit cmake pkgconfig ptest
PACKAGECONFIG ??= ""
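Review bot: The CVE_STATUS[CVE-2024-7254] line gives only a version as its justification, while the evidence for that claim (backport commit 850fcce9176e) is recorded solely in the commit message. Consider naming the backport commit in the status text or in a comment directly above the line, so that someone auditing the recipe can verify the "fixed-version" claim without searching the git history. The wording "version v4.25.8" is also redundant; "v4.25.8" or "version 4.25.8" reads cleaner. Because the status is set by hand rather than derived from the recipe version, it is worth confirming at the next protobuf upgrade that the entry is still needed.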