From: Adarsh Jagadish Kamini <[email protected]> Both CVEs are disputed by third parties. The observed behavior (double free / invalid pointer free in readelf) only occurred in pre-release code and did not affect any tagged version [1][2].
CVE_STATUS[CVE-2025-69650] = "disputed: observed behavior only in pre-release code, does not affect any tagged version" CVE_STATUS[CVE-2025-69651] = "disputed: observed behavior only in pre-release code, does not affect any tagged version" [1] https://www.cve.org/CVERecord?id=CVE-2025-69650 [2] https://www.cve.org/CVERecord?id=CVE-2025-69651 Signed-off-by: Adarsh Jagadish Kamini <[email protected]> --- meta/recipes-devtools/binutils/binutils-2.45.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc index 16a63cabc5..5cd4d185ac 100644 --- a/meta/recipes-devtools/binutils/binutils-2.45.inc +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc @@ -20,6 +20,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" CVE_STATUS[CVE-2025-7545] = "cpe-stable-backport: fix available in used git hash" CVE_STATUS[CVE-2025-7546] = "cpe-stable-backport: fix available in used git hash" +CVE_STATUS[CVE-2025-69650] = "disputed: observed behavior only in pre-release code, does not affect any tagged version" +CVE_STATUS[CVE-2025-69651] = "disputed: observed behavior only in pre-release code, does not affect any tagged version" SRCREV ?= "2f028c6bb163a045db95439fb92e1dcbc919413c" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#234283): https://lists.openembedded.org/g/openembedded-core/message/234283 Mute This Topic: https://lists.openembedded.org/mt/118594603/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
