CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

libcoap: ignore CVE-2025-50518

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari 2025-12-24 13:19:30 +05:30 committed by Anuj Mittal
parent 6593af3931
commit 8a991e7e3c
No known key found for this signature in database
GPG Key ID: 4340AEFE69F5085C
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
View File

@ -62,3 +62,5 @@ PACKAGE_BEFORE_PN += "\
FILES:${PN}-bin = "${bindir}"
FILES:${PN}-dev += "${datadir}/${BPN}/examples"
CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"