libxml2: ignore disputed CVE-2023-45322 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ross Burton <ross.burton@arm.com>	2023-10-23 18:38:19 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-10-26 15:29:34 +0100
commit	01a5135980bcfb67fe721f144c8dd222fa2399b2 (patch)
tree	374f89976a397e38ef77cd9002a7d6fb74983073 /scripts/lib/recipetool/create_buildsys_python.py
parent	71bf3fcf0f529acc8c06962b29d7fe9f89707167 (diff)
download	poky-01a5135980bcfb67fe721f144c8dd222fa2399b2.tar.gz

libxml2: ignore disputed CVE-2023-45322

This CVE is a use-after-free which theoretically can be an exploit vector, but this UAF only occurs when malloc() fails. As it's unlikely that the user can orchestrate malloc() failures at just the place to break on _this_ malloc and not others it is disputed that this is actually a security issue. The underlying bug has been fixed, and will be incorporated into the next release. (From OE-Core rev: b93dd888b861aa6df97cd78b70fa9f757cfcdf61) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/recipetool/create_buildsys_python.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: