diff mbox series

[meta-networking,scarthgap,5/6] libcoap: ignore CVE-2023-51847

Message ID 20251224074932.1379914-5-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-networking,scarthgap,1/6] dovecot: upgrade 2.3.21 -> 2.3.21.1 | expand

Commit Message

Ankur Tyagi Dec. 24, 2025, 7:49 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2023-51847

The vulnerability exists in coap_threadsafe.c but thread safe support was
added in version v4.5.3 [1]

[1] https://github.com/obgm/libcoap/commit/c69c5d5af0a30859e90756f535e2ca21cdeda0b2

$ git tag --contains c69c5d5
v4.3.5
v4.3.5-rc1
v4.3.5-rc2
v4.3.5-rc3
v4.3.5a

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
index 4f5a986858..9c45cd248e 100644
--- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
@@ -64,3 +64,4 @@  FILES:${PN}-bin = "${bindir}"
 FILES:${PN}-dev += "${datadir}/${BPN}/examples"
 
 CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"
+CVE_STATUS[CVE-2023-51847] = "not-applicable-config: Doesn't apply to our configuration so we can safely ignore it."