mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-05-20 02:36:52 +00:00
ef6ef1492c
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3748 https://nvd.nist.gov/vuln/detail/CVE-2023-41359 https://nvd.nist.gov/vuln/detail/CVE-2023-41360 https://nvd.nist.gov/vuln/detail/CVE-2023-41361 Regarding CVE-2023-3748: Based on Debian's investigation, the vulnerability was solved by [1]. However that vulnerable code that was fixed was introduced after the recipe version, only in version 8.4.0[2]. Since the recipe version isn't affected by this CVE, ignore it. Regarding CVE-2023-41359: The pull request[3] referenced by the NVD report references another pull request[4] which was opened to backport the fix. The conversion on this PR confirms that the vulnerable feature was introduced in 8.5. Due to this, ignore this CVE. Regarding CVE-2023-41360: The vulnerable code was introduced[5] in version 8.4.0, and the recipe version is not vulnerable. Due to this ignore this CVE. Regarding CVE-2023-41361: The vulnerable code was introduced[6] in version 9.0 and the recipe version is not vulnerable. Due to this ignore this CVE. [1]:0a95d121ca[2]:54a3e60b3e[3]: https://github.com/FRRouting/frr/pull/14232 [4]: https://github.com/FRRouting/frr/pull/15927 [5]:f1aa49293a[6]:234f6fd4f4Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Collection of layers for the OE-core universe Main layer maintainer: Gyorgy Sarvari <skandigraun@gmail.com> Layer maintainer emeritus: Armin Kuster <akuster808@gmail.com> This repository is a collection of layers to supplement OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories