code.ossystems Code Review - openembedded-core.git/commit
flex: Add CVE-2019-6293 to exclusions for checks
author Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 6 Sep 2021 12:49:26 +0000 (13:49 +0100)
committer Steve Sakoman <steve@sakoman.com>
Fri, 10 Sep 2021 15:49:28 +0000 (05:49 -1000)
commit b939b005b06be58a276d565f755ee2d8f3e5dfc1
tree 16cac772817dddb781b55f502e71bf9e0aec8708
parent 4cebabf1007762872510c5065a2a718a89687734
flex: Add CVE-2019-6293 to exclusions for checks

CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream has no plans to address it and there is no security issue.

https://github.com/westes/flex/issues/414

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/conf/distro/include/cve-extra-exclusions.inc
meta/recipes-devtools/flex/flex_2.6.4.bb