flex: Add CVE-2019-6293 to exclusions for checks - linux/poky.git

diff options

author	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-06 13:49:26 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-14 17:27:42 +0100
commit	6aa55dd279b14b34f334b8d70f7046720fc6764d (patch)
tree	843b53cdee073fc58ecc5d48e66efc98ff16bdad /scripts/lib
parent	50ea49f3d97a66c5157073c57cfe6a3992e86254 (diff)
download	poky-6aa55dd279b14b34f334b8d70f7046720fc6764d.tar.gz

flex: Add CVE-2019-6293 to exclusions for checks

CVE is effectively disputed - yes there is stack exhaustion but no bug and it is building the parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address and there is no security issue. https://github.com/westes/flex/issues/414 (From OE-Core rev: b939b005b06be58a276d565f755ee2d8f3e5dfc1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: