]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 34e6a19)
libxslt: Mark CVE-2022-29824 as not applying
authorRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 28 May 2022 10:15:29 +0000 (11:15 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 28 May 2022 17:37:01 +0000 (18:37 +0100)
We have libxml2 2.9.14 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/libxslt/libxslt_1.1.35.bb patch | blob | blame | history

diff --git a/meta/recipes-support/libxslt/libxslt_1.1.35.bb b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
index 51cfb2e28111121063cfc08c8137e30c9c9be798..2fd777766ccca74c203f28086670de026ecb74be 100644 (file)
--- a/meta/recipes-support/libxslt/libxslt_1.1.35.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
@@ -19,6 +19,10 @@ SRC_URI[sha256sum] = "8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f
 
 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
 
+# We have libxml2 2.9.14 and we don't link statically with it anyway
+# so this isn't an issue.
+CVE_CHECK_IGNORE += "CVE-2022-29824"
+
 S = "${WORKDIR}/libxslt-${PV}"
 
 BINCONFIG = "${bindir}/xslt-config"
Mirror of git://git.openembedded.org/openembedded-core-contrib