From: Benjamin Robin (Schneider Electric) <[email protected]>
The CVE-2025-62813 is rejected so do not reference it anymore. So keep the patch but without referencing the CVE identifier. The CVE database indicates the following reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Signed-off-by: Benjamin Robin (Schneider Electric) <[email protected]> Signed-off-by: Mathieu Dubois-Briand <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 9c840a69b62a5fdffb3679a44d68dd5630b2916c) Signed-off-by: Yoann Congal <[email protected]> --- .../lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} | 1 - meta/recipes-support/lz4/lz4_1.10.0.bb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) rename meta/recipes-support/lz4/lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} (99%) diff --git a/meta/recipes-support/lz4/lz4/CVE-2025-62813.patch b/meta/recipes-support/lz4/lz4/fix-null-error-handling.patch similarity index 99% rename from meta/recipes-support/lz4/lz4/CVE-2025-62813.patch rename to meta/recipes-support/lz4/lz4/fix-null-error-handling.patch index 4fa0373ff7..1527cc7591 100644 --- a/meta/recipes-support/lz4/lz4/CVE-2025-62813.patch +++ b/meta/recipes-support/lz4/lz4/fix-null-error-handling.patch @@ -4,7 +4,6 @@ Date: Mon, 31 Mar 2025 20:48:52 +0200 Subject: [PATCH] fix(null) : improve error handlings when passing a null pointer to some functions from lz4frame -CVE: CVE-2025-62813 Upstream-Status: Backport [https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82] Signed-off-by: Peter Marko <[email protected]> --- diff --git a/meta/recipes-support/lz4/lz4_1.10.0.bb b/meta/recipes-support/lz4/lz4_1.10.0.bb index f2a86036b5..fae5796c2b 100644 --- a/meta/recipes-support/lz4/lz4_1.10.0.bb +++ b/meta/recipes-support/lz4/lz4_1.10.0.bb @@ -15,7 +15,7 @@ SRCREV = "ebb370ca83af193212df4dcbadcc5d87bc0de2f0" SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ file://reproducibility.patch \ file://run-ptest \ - file://CVE-2025-62813.patch \ + file://fix-null-error-handling.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232472): https://lists.openembedded.org/g/openembedded-core/message/232472 Mute This Topic: https://lists.openembedded.org/mt/118149320/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
