Identical patch was already submitted and then requested to be ignored because the issue is apparently introduced by one of the added patches. https://lists.openembedded.org/g/openembedded-core/message/197670
Since the vulnerability report claims that our version IS vulnerable, it would be interesting to know where the truth is... https://github.com/skyler-ferrante/CVE-2024-28085 -> The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Peter
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198557): https://lists.openembedded.org/g/openembedded-core/message/198557 Mute This Topic: https://lists.openembedded.org/mt/105617913/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-