libarchive: ignore CVE-2023-30571 - linux/poky.git - Mirror of git.yoctoproject.org/poky

index : linux/poky.git

Mirror of git.yoctoproject.org/poky

N/A

summary refs log tree commit diff stats

path: root/scripts/lib/build_perf/scrape-html-report.js

diff options

author	Peter Marko <peter.marko@siemens.com>	2023-07-29 20:22:35 +0200
committer	Steve Sakoman <steve@sakoman.com>	2023-08-07 04:40:43 -1000
commit	cd329fc98420f69ec17aa8b619ed1e39f050db99 (patch)
tree	879a9618ea7d878cf942767ff9c1419ddbe30c94 /scripts/lib/build_perf/scrape-html-report.js
parent	9ceede321a3d2a2e9882e806ff6037baf7e28f0b (diff)
download	poky-cd329fc98420f69ec17aa8b619ed1e39f050db99.tar.gz

libarchive: ignore CVE-2023-30571

This issue was reported and discusses under [1] which is linked in NVD CVE report. It was already documented that some parts or libarchive are thread safe and some not. [2] was now merged to document that also reported function is not thread safe. So this CVE *now* reports thread race condition for non-thread-safe function. And as such the CVE report is now invalid. The issue is still not closed for 2 reasons: * better document what is and what is not thread safe * request to public if someone could make these functions thread safe This should however not invalidate above statment about ignoring this CVE. [1] https://github.com/libarchive/libarchive/issues/1876 [2] https://github.com/libarchive/libarchive/pull/1875 (From OE-Core rev: d5e7971e12cdc8748be91b4e6408b42fa86b2f15) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/build_perf/scrape-html-report.js')

0 files changed, 0 insertions, 0 deletions