From: Peter Marko <peter.marko@siemens.com>
Date: Sat, 23 Aug 2025 20:47:07 +0000 (+0200)
Subject: libxml2: mark CVE-2025-6170 as fixed
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8a9c190811ad9658a74502a371c110f4d24d68f;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

libxml2: mark CVE-2025-6170 as fixed

As shown in [1] when expanding tags including it.

NVD tracks this CVE as version-less.

[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/c340e419505cf4bf1d9ed7019a87cc00ec200434

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
---

diff --git a/meta/recipes-core/libxml/libxml2_2.14.5.bb b/meta/recipes-core/libxml/libxml2_2.14.5.bb
index f60a46e187..0b5edcd7a3 100644
--- a/meta/recipes-core/libxml/libxml2_2.14.5.bb
+++ b/meta/recipes-core/libxml/libxml2_2.14.5.bb
@@ -27,6 +27,8 @@ SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be47223
 # Disputed as a security issue, but fixed in d39f780
 CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
 
+CVE_STATUS[CVE-2025-6170] = "fixed-version: fixed in version 2.14.5"
+
 BINCONFIG = "${bindir}/xml2-config"
 
 PACKAGECONFIG ??= "python"