]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a24e44f) | patch
glib-2.0: ignore CVE-2025-4056
authorPeter Marko <peter.marko@siemens.com>
Mon, 18 Aug 2025 18:10:37 +0000 (20:10 +0200)
committerSteve Sakoman <steve@sakoman.com>
Tue, 19 Aug 2025 17:14:42 +0000 (10:14 -0700)
commit8c69793deb78cf9718801825477938c22e229eca
treea920033092c6edb863ec156f365aa6c1b42b517etree | snapshot
parenta24e44f92114f995e034923a62b96947dc99d6e8commit | diff
glib-2.0: ignore CVE-2025-4056

NVD report [1] says:
A flaw was found in GLib. A denial of service on **Windows platforms**
may occur if an application attempts to spawn a program using long
command lines.

The fix [3] (linked from [2]) also changes only files
glib/gspawn-win32-helper.c
glib/gspawn-win32.c

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668
[3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core