libyaml: Update status of CVE-2024-35328

author Khem Raj <raj.khem@gmail.com>

Sun, 28 Jul 2024 14:49:05 +0000 (07:49 -0700)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Tue, 30 Jul 2024 11:32:44 +0000 (12:32 +0100)
author Khem Raj <raj.khem@gmail.com>
Sun, 28 Jul 2024 14:49:05 +0000 (07:49 -0700)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 30 Jul 2024 11:32:44 +0000 (12:32 +0100)
diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb

index 4cb5717ece8b9fa723165ee43b6cd24c1195771f..2d6f27af1fcc07a2e0ccb377bfd4f19cc7298308 100644 (file)
--- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -18,4 +18,6 @@ inherit autotools
  DISABLE_STATIC:class-nativesdk = ""
  DISABLE_STATIC:class-native = ""
  
+CVE_STATUS[CVE-2024-35328] = "disputed: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302"
+
  BBCLASSEXTEND = "native nativesdk"
author	Khem Raj <raj.khem@gmail.com>
	Sun, 28 Jul 2024 14:49:05 +0000 (07:49 -0700)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 30 Jul 2024 11:32:44 +0000 (12:32 +0100)