CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

glibc: fix CVE-2025-8058

Browse Source 
This is a single commit bump containing only CVE fix
$ git log --oneline cff1042cceec3502269947e96cf7023451af22f3..b027d5b145f1b2908f370bdb96dfe40180d0fcb6
b027d5b145 posix: Fix double-free after allocation failure in regcomp (bug 33185)

Test results didn't change except newly added test succeeding.
(tst-regcomp-bracket-free)

(From OE-Core rev: c2b63f171719e2b1c12ba049cbe776adf9e0244b)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko 2025-07-29 23:45:52 +02:00 committed by Steve Sakoman
parent 2156b7931e
commit d9b992de0d
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-core/glibc/glibc-version.inc
View File

@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.39/master"
PV = "2.39+git"
SRCREV_glibc ?= "cff1042cceec3502269947e96cf7023451af22f3"
SRCREV_glibc ?= "b027d5b145f1b2908f370bdb96dfe40180d0fcb6"
SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"

2
meta/recipes-core/glibc/glibc_2.39.bb
View File

@ -18,7 +18,7 @@ easier access for another. 'ASLR bypass itself is not a vulnerability.'"
CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 \
CVE-2025-4802 CVE-2025-5702"
CVE-2025-4802 CVE-2025-5702 CVE-2025-8058"
CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
DEPENDS += "gperf-native bison-native"