
libxml2: ignore CVE-2025-8732

The code maintainer disputes the CVE as the issue can only be triggered with
untrusted SGML catalogs and it makes absolutely no sense to use untrusted
catalogs.

The issue triggers a crash if an invalid file is provided.
Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958

(From OE-Core rev: 348ce728af1cea4f909de5c3597801b5612719e4)

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Daniel Turull
2025-08-19 12:47:24 +02:00
committed by Steve Sakoman
parent 9c4fe6dac5
commit 3318b5eb4d
@@ -32,6 +32,10 @@ SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be47223
# Disputed as a security issue, but fixed in d39f780
CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
# Disputed as a security issue, if attempts to process an invalid file, it fails
# https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
CVE_STATUS[CVE-2025-8732] = "disputed: the code maintainer explains, that the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
BINCONFIG = "${bindir}/xml2-config"
PACKAGECONFIG ??= "python \
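Review bot: The new `CVE_STATUS[CVE-2025-8732]` entry records the dispute but not the trust assumption it rests on. As far as I know, the `disputed` status makes cve-check report the CVE as ignored for every image built from this recipe, including images that hand externally supplied SGML catalogs to libxml2, where the crash named in the reason is still a denial of service. Unlike the CVE-2023-45322 entry above it, nothing here says whether upstream changed the code, so a later reader cannot tell whether the entry can be dropped after an upgrade. I would reword the comment to state the condition, e.g. `# Disputed upstream: crash needs an untrusted SGML catalog; revisit if catalogs can come from untrusted sources`. I would also shorten the status string to `"disputed: only triggerable with untrusted SGML catalogs, crash on invalid input"` and keep the issue link in the comment only.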