From da07e6ee3464ce85595ccea9a3d1863b5cf446b3 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 25 Aug 2024 23:44:13 +0200
Subject: [PATCH] libyaml: Ignore CVE-2024-35325

This is similar CVE as the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explain why this is misuse
(or wrong use) of libyaml.

(From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index e30dc5a43f..514c60779c 100644
--- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -20,5 +20,7 @@ DISABLE_STATIC:class-native = ""
 
 # upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
 CVE_CHECK_IGNORE += "CVE-2024-35326 CVE-2024-35328"
+# upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
+CVE_CHECK_IGNORE += "CVE-2024-35325"
 
 BBCLASSEXTEND = "native nativesdk"