meta-openembedded

mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00

History

Gyorgy Sarvari 1fa7c7080e wolfssl: ignore CVE-2025-11931 and CVE-2025-12889 NVD claims that WolfSSL 5.8.4 is affected by both of these vulnerabilities, however actually both have been fixed in that version. CVE-2025-11931: NVD[1] references [2] PR as a patch, which was merged in [3]. CVE-2025-12889: NVD[4] referenced [5] PR as a patch, which was merged in [6]. [1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11931 [2]: https://github.com/wolfSSL/wolfssl/pull/9223 [3]: `e497d28ae1` [4]: https://nvd.nist.gov/vuln/detail/CVE-2025-12889 [5]: https://github.com/wolfSSL/wolfssl/pull/9395 [6]: `2db1c7a522` Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:25 -08:00
..
files	wolfssl: upgrade 5.8.0 -> 5.8.4	2025-12-10 08:56:13 -08:00
wolfssl_5.8.4.bb	wolfssl: ignore CVE-2025-11931 and CVE-2025-12889	2025-12-24 13:18:25 -08:00

wolfssl: ignore CVE-2025-11931 and CVE-2025-12889

NVD claims that WolfSSL 5.8.4 is affected by both of these vulnerabilities,
however actually both have been fixed in that version.

CVE-2025-11931: NVD[1] references [2] PR as a patch, which was merged in [3].
CVE-2025-12889: NVD[4] referenced [5] PR as a patch, which was merged in [6].

[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11931
[2]: https://github.com/wolfSSL/wolfssl/pull/9223
[3]: e497d28ae1
[4]: https://nvd.nist.gov/vuln/detail/CVE-2025-12889
[5]: https://github.com/wolfSSL/wolfssl/pull/9395
[6]: 2db1c7a522

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2025-12-24 13:18:25 -08:00

files wolfssl: upgrade 5.8.0 -> 5.8.4 2025-12-10 08:56:13 -08:00

wolfssl_5.8.4.bb wolfssl: ignore CVE-2025-11931 and CVE-2025-12889 2025-12-24 13:18:25 -08:00