mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-18 12:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

glibc: Refresh CVE backports after 2.42 release

Browse Source 
CVE-2025-4802 is already addressed in 2.39+ [1]
Other two are part of 2.42 release

[1] https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

(From OE-Core rev: 728911c19c7bf6518d437999cb2f39e09bc8f3e4)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Khem Raj
2025-07-28 18:49:48 -07:00
committed by Richard Purdie
parent 754345d606
commit 6f31ea9a5e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-core/glibc/glibc_2.41.bb
View File

@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m
easier access for another. 'ASLR bypass itself is not a vulnerability.'"
CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 CVE-2025-5745"
CVE_STATUS_STABLE_BACKPORTS = ""
CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
DEPENDS += "gperf-native bison-native"