On Mon, 2023-10-02 at 20:09 -0700, Hemraj, Deepthi via lists.openembedded.org wrote: > From: Deepthi Hemraj <[email protected]> > > Below commits on glibc-2.38 stable branch are updated. > 0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master) > manual/jobs.texi: Add missing @item EPERM for getpgid > d94461bb86 string: Fix tester build with fortify enable with gcc < 12 > 63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug > 30694) > 00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) > b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in > no-aaaa mode > 89da8bc588 NEWS: Add the 2.38.1 bug list > d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link map > 750f19526a elf: Remove unused l_text_end field from struct link_map > a3189f66a5 elf: Always call destructors in reverse constructor order (bug > 30785) > 7ae211a01b elf: Do not run constructors for proxy objects > 92201f16cb libio: Fix oversized __io_vtables > 5bdef6f27c io: Fix record locking contants for powerpc64 with > __USE_FILE_OFFSET64 > > 0024-CVE-2023-4527.patch is dropped > > Signed-off-by: Deepthi Hemraj <[email protected]> > --- > meta/recipes-core/glibc/glibc-version.inc | 2 +- > .../glibc/glibc/0024-CVE-2023-4527.patch | 219 ------------------ > meta/recipes-core/glibc/glibc_2.38.bb | 1 - > 3 files changed, 1 insertion(+), 221 deletions(-) > delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch
I suspect that as well we deleting the patch, you need to add something like: CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" otherwise we'll see CVEs reported against this again? There may be other CVEs which need adding too? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188661): https://lists.openembedded.org/g/openembedded-core/message/188661 Mute This Topic: https://lists.openembedded.org/mt/101727838/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
