[scarthgap] glib-2.0: ignore CVE-2025-4056

Message ID	20250818181048.1685946-1-peter.marko@siemens.com
State	New
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.228, mailfrom: fm-256628-202508181811353af829ac4431cecb66-mj9z7g@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][scarthgap][PATCH] glib-2.0: ignore CVE-2025-4056 Date: Mon, 18 Aug 2025 20:10:48 +0200 Message-Id: <20250818181048.1685946-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[scarthgap] glib-2.0: ignore CVE-2025-4056 \| expand [scarthgap] glib-2.0: ignore CVE-2025-4056

Message ID

20250818181048.1685946-1-peter.marko@siemens.com

State

New

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][scarthgap][PATCH] glib-2.0: ignore CVE-2025-4056
Date: Mon, 18 Aug 2025 20:10:48 +0200
Message-Id: <20250818181048.1685946-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[scarthgap] glib-2.0: ignore CVE-2025-4056 | expand

Commit Message

Peter Marko Aug. 18, 2025, 6:10 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

NVD report [1] says:
A flaw was found in GLib. A denial of service on **Windows platforms**
may occur if an application attempts to spawn a program using long
command lines.

The fix [3] (linked from [2]) also changes only files
glib/gspawn-win32-helper.c
glib/gspawn-win32.c

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668
[3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
index e1a3b57270..53e0543045 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
@@ -66,3 +66,5 @@  def find_meson_cross_files(d):
 python () {
     find_meson_cross_files(d)
 }
+
+CVE_STATUS[CVE-2025-4056] = "not-applicable-platform: Issue only applies on Windows"

[scarthgap] glib-2.0: ignore CVE-2025-4056

Commit Message

Patch