]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 04ce470) | patch
glib-2.0: ignore CVE-2025-4056
authorPeter Marko <peter.marko@siemens.com>
Mon, 18 Aug 2025 18:10:48 +0000 (20:10 +0200)
committerSteve Sakoman <steve@sakoman.com>
Tue, 19 Aug 2025 13:36:09 +0000 (06:36 -0700)
commit5858567a9222d9fff6f0a282cf7c7bda4e19af57
tree783645c2ca95cc008f96775c9dec909ca82ca6f2tree | snapshot
parent04ce4704e603cd66f30ffc001541c6497d84050ecommit | diff
glib-2.0: ignore CVE-2025-4056

NVD report [1] says:
A flaw was found in GLib. A denial of service on **Windows platforms**
may occur if an application attempts to spawn a program using long
command lines.

The fix [3] (linked from [2]) also changes only files
glib/gspawn-win32-helper.c
glib/gspawn-win32.c

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668
[3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib