libcoap: ignore CVE-2025-50518

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518 The vulnerability is disputed by upstream, because the vulnerability requires a user error, incorrect library usage. See also an upstream discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 13:38:06 +00:00 · 2025-12-16 12:14:36 +01:00 · 2025-12-16 12:14:36 +01:00 · 598176e1cb
commit 598176e1cb
parent b91e86f73a
1 changed files with 2 additions and 0 deletions
--- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
@ -60,3 +60,5 @@ PACKAGE_BEFORE_PN += "\

 FILES:${PN}-bin = "${bindir}"
 FILES:${PN}-dev += "${datadir}/${BPN}/examples"
+
+CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"