mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
ada8211493
This CVE is fixed in current libsass recipe version.
So wrapper around it will also not show this problem.
It's usual usecase is to be statically linked with libsass which is
probably the reason why this is listed as vulnerable component.
[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
are not present in this repository.
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] https://github.com/sass/libsass/issues/3177
[3] https://github.com/sass/libsass/pull/3184
[4] https://github.com/sass/sassc/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 576b84263b)
Scarthgap has also the fixed libsass version (3.6.6), the CVE can
be considered fixed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
17 lines
456 B
BlitzBasic
17 lines
456 B
BlitzBasic
SUMMARY = "libsass command line driver "
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=2f8a76980411a3f1f1480b141ce06744"
|
|
|
|
DEPENDS = "libsass"
|
|
|
|
inherit autotools pkgconfig
|
|
|
|
SRC_URI = "git://github.com/sass/sassc.git;branch=master;protocol=https"
|
|
SRCREV = "66f0ef37e7f0ad3a65d2f481eff09d09408f42d0"
|
|
S = "${WORKDIR}/git"
|
|
PV = "3.6.2"
|
|
|
|
CVE_STATUS[CVE-2022-43357] = "cpe-incorrect: this is CVE for libsass, not sassc wrapper"
|
|
|
|
BBCLASSEXTEND = "native"
|