libxml2: ignore disputed CVE-2023-45322 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ross Burton <ross.burton@arm.com>	2023-11-03 13:28:06 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-03 13:49:23 +0000
commit	0542c12e893d774f33feb776aea7a6aa6746960c (patch)
tree	266b3bff3579c563fa8e5209bf12a692ad66e92e /scripts/lib/scriptpath.py
parent	372c596db197c45f0203339fee278149d89911c3 (diff)
download	poky-0542c12e893d774f33feb776aea7a6aa6746960c.tar.gz

libxml2: ignore disputed CVE-2023-45322

This CVE is a use-after-free which theoretically can be an exploit vector, but this UAF only occurs when malloc() fails. As it's unlikely that the user can orchestrate malloc() failures at just the place to break on _this_ malloc and not others it is disputed that this is actually a security issue. The underlying bug has been fixed, and will be incorporated into the next release. (From OE-Core rev: 8c70e7cecb1beb30a5be4ea9bbc89c2f2e11853b) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: