code.ossystems Code Review - openembedded-core.git/commit
glib-2.0: add patch for CVE-2020-35457
author Mikko Rapeli <mikko.rapeli@bmw.de>
Tue, 5 Jan 2021 10:18:20 +0000 (12:18 +0200)
committer Steve Sakoman <steve@sakoman.com>
Tue, 5 Jan 2021 17:51:21 +0000 (07:51 -1000)
commit 196d6a668fb44ac3f69d791d42d2eead285a758e
tree 904243cd892b4dca181534aacd0b161d40931c32
parent 66c3133fa83fc8fdbe7c48a5ec8b3df592010f43
glib-2.0: add patch for CVE-2020-35457

Upstream has disputed CVE-2020-35457 claiming it's not exploitable but
the patch is simple to add.

https://security-tracker.debian.org/tracker/CVE-2020-35457

"https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
https://gitlab.gnome.org/GNOME/glib/-/issues/2197
Upstream position is that it is not realistically a security issue."

For master branch this CVE is not reported by CVE checker:

NOTE: glib-2.0-2.66.4 is not vulnerable to CVE-2020-35457

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch [new file with mode: 0644]
meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb