[dunfell,5/5] jansson: whitelist CVE-2020-36325

Message ID	e0e79bbde23f17185cc59908fee97c0cea098428.1638447451.git.akuster808@gmail.com
State	New
Headers	show Return-Path: <akuster808@gmail.com> ip: 209.85.216.53, mailfrom: akuster808@gmail.com) From: Armin Kuster <akuster808@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [dunfell 5/5] jansson: whitelist CVE-2020-36325 Date: Thu, 2 Dec 2021 04:19:05 -0800 Message-Id: <e0e79bbde23f17185cc59908fee97c0cea098428.1638447451.git.akuster808@gmail.com> In-Reply-To: <cover.1638447451.git.akuster808@gmail.com> References: <cover.1638447451.git.akuster808@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	None \| expand [dunfell,2/5] nss: Fix CVE-2020-12403 [dunfell,3/5] lmsensors: do not depend on lmsensors-isatools on non-x86 [dunfell,4/5] sdbus-c++: don't fetch googletest during do_configure [dunfell,5/5] jansson: whitelist CVE-2020-36325

Message ID

e0e79bbde23f17185cc59908fee97c0cea098428.1638447451.git.akuster808@gmail.com

State

New

Headers

From: Armin Kuster <akuster808@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [dunfell 5/5] jansson: whitelist CVE-2020-36325
Date: Thu,  2 Dec 2021 04:19:05 -0800
Message-Id: 
 <e0e79bbde23f17185cc59908fee97c0cea098428.1638447451.git.akuster808@gmail.com>
In-Reply-To: <cover.1638447451.git.akuster808@gmail.com>
References: <cover.1638447451.git.akuster808@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

None | expand

Commit Message

akuster808 Dec. 2, 2021, 12:19 p.m. UTC

From: Marta Rybczynska <marta.rybczynska@huawei.com>

According to the upstream [1], the bug happens only if the programmer
does not follow the API definition.

[1] https://github.com/akheron/jansson/issues/548

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-extended/jansson/jansson_2.13.1.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
index d6e56ea768..7beea9f1e7 100644
--- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
+++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
@@ -11,4 +11,7 @@  SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4
 
 inherit autotools pkgconfig
 
+# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548
+CVE_CHECK_WHITELIST = "CVE-2020-36325 "
+
 BBCLASSEXTEND = "native"

[dunfell,5/5] jansson: whitelist CVE-2020-36325

Commit Message

Patch