From: Richard Purdie <richard.pur...@linuxfoundation.org>
We have libxml2 2.9.14 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
(cherry picked from commit c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
meta/recipes-support/libxslt/libxslt_1.1.35.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.35.bb
b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
index 51cfb2e281..2fd777766c 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.35.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
@@ -19,6 +19,10 @@ SRC_URI[sha256sum] =
"8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f
UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
+# We have libxml2 2.9.14 and we don't link statically with it anyway
+# so this isn't an issue.
+CVE_CHECK_IGNORE += "CVE-2022-29824"
+
S = "${WORKDIR}/libxslt-${PV}"
BINCONFIG = "${bindir}/xslt-config"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166480):
https://lists.openembedded.org/g/openembedded-core/message/166480
Mute This Topic: https://lists.openembedded.org/mt/91503798/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
