[dunfell,2/2] libxslt: Mark CVE-2022-29824 as not applying

Message ID	20220603121750.30519-2-omkarpatil10.93@gmail.com
State	Accepted, archived
Commit	9c736c9dcf5f18b8db082a0903be0acb3fbb51c2
Headers	show Return-Path: <omkarpatil10.93@gmail.com> ip: 209.85.215.177, mailfrom: omkarpatil10.93@gmail.com) From: Omkar Patil <omkarpatil10.93@gmail.com> To: openembedded-core@lists.openembedded.org, omkar.patil@kpit.com Cc: ranjitsinh.rathod@kpit.com, Richard Purdie <richard.purdie@linuxfoundation.org>, Omkar Patil <Omkar.Patil@kpit.com> Subject: [OE-core][dunfell][PATCH 2/2] libxslt: Mark CVE-2022-29824 as not applying Date: Fri, 3 Jun 2022 17:47:50 +0530 Message-Id: <20220603121750.30519-2-omkarpatil10.93@gmail.com> In-Reply-To: <20220603121750.30519-1-omkarpatil10.93@gmail.com> References: <20220603121750.30519-1-omkarpatil10.93@gmail.com>
Series	[dunfell,1/2] libxslt: Fix CVE-2021-30560 \| expand [dunfell,1/2] libxslt: Fix CVE-2021-30560 [dunfell,2/2] libxslt: Mark CVE-2022-29824 as not applying

Message ID

20220603121750.30519-2-omkarpatil10.93@gmail.com

State

Accepted, archived

Commit

9c736c9dcf5f18b8db082a0903be0acb3fbb51c2

Headers

From: Omkar Patil <omkarpatil10.93@gmail.com>
To: openembedded-core@lists.openembedded.org,
	omkar.patil@kpit.com
Cc: ranjitsinh.rathod@kpit.com,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Omkar Patil <Omkar.Patil@kpit.com>
Subject: [OE-core][dunfell][PATCH 2/2] libxslt: Mark CVE-2022-29824 as not
 applying
Date: Fri,  3 Jun 2022 17:47:50 +0530
Message-Id: <20220603121750.30519-2-omkarpatil10.93@gmail.com>
In-Reply-To: <20220603121750.30519-1-omkarpatil10.93@gmail.com>
References: <20220603121750.30519-1-omkarpatil10.93@gmail.com>

Series

[dunfell,1/2] libxslt: Fix CVE-2021-30560 | expand

Commit Message

Omkar Patil June 3, 2022, 12:17 p.m. UTC

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We have libxml2 2.9.10 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.

(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)

Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0)
---
 meta/recipes-support/libxslt/libxslt_1.1.34.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-support/libxslt/libxslt_1.1.34.bb b/meta/recipes-support/libxslt/libxslt_1.1.34.bb
index 62afec5755..4755677bec 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.34.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.34.bb
@@ -22,6 +22,10 @@  SRC_URI[sha256sum] = "98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7
 
 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
 
+# We have libxml2 2.9.10 and we don't link statically with it anyway
+# so this isn't an issue.
+CVE_CHECK_WHITELIST += "CVE-2022-29824"
+
 S = "${WORKDIR}/libxslt-${PV}"
 
 BINCONFIG = "${bindir}/xslt-config"

[dunfell,2/2] libxslt: Mark CVE-2022-29824 as not applying

Commit Message

Patch