[meta-oe,whinlatter,09/17] libcoap: ignore CVE-2025-50518

Message ID	20260105100237.3081345-9-skandigraun@gmail.com
State	Under Review
Delegated to:	Anuj Mittal
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.52, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 09/17] libcoap: ignore CVE-2025-50518 Date: Mon, 5 Jan 2026 11:02:29 +0100 Message-ID: <20260105100237.3081345-9-skandigraun@gmail.com> In-Reply-To: <20260105100237.3081345-1-skandigraun@gmail.com> References: <20260105100237.3081345-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-networking,whinlatter,01/17] civetweb: ignore CVE-2025-9648 \| expand [meta-networking,whinlatter,01/17] civetweb: ignore CVE-2025-9648 [meta-networking,whinlatter,02/17] fetchmail: patch CVE-2025-61962 [meta-oe,whinlatter,03/17] freerdp3: ignore CVE-2025-68118 [meta-gnome,whinlatter,04/17] gimp: patch CVE-2025-14422 [meta-gnome,whinlatter,05/17] gimp: patch CVE-2025-14423 [meta-gnome,whinlatter,06/17] gimp: patch CVE-2025-14424 [meta-gnome,whinlatter,07/17] gimp: patch CVE-2025-14425 [meta-oe,whinlatter,08/17] imagemagick: upgrade 7.1.2-8 -> 7.1.2-12 [meta-oe,whinlatter,09/17] libcoap: ignore CVE-2025-50518 [meta-oe,whinlatter,10/17] libwebsockets: fix CVE-2025-11677 [meta-oe,whinlatter,11/17] libwebsockets: fix CVE-2025-11678 [meta-networking,whinlatter,12/17] openvpn: upgrade 2.6.16 -> 2.6.17 [meta-oe,whinlatter,13/17] php: upgrade 8.4.15 -> 8.4.16 [meta-oe,whinlatter,14/17] postgresql: upgrade 17.6 -> 17.7 [meta-python,whinlatter,15/17] python3-configobj: ignore CVE-2023-26112 [meta-python,whinlatter,16/17] python3-django: upgrade 4.2.26 -> 4.2.27 [meta-python,whinlatter,17/17] python3-django: upgrade 5.2.8 -> 5.2.9

Message ID

20260105100237.3081345-9-skandigraun@gmail.com

State

Under Review

Delegated to:

Anuj Mittal

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 09/17] libcoap: ignore CVE-2025-50518
Date: Mon,  5 Jan 2026 11:02:29 +0100
Message-ID: <20260105100237.3081345-9-skandigraun@gmail.com>
In-Reply-To: <20260105100237.3081345-1-skandigraun@gmail.com>
References: <20260105100237.3081345-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-networking,whinlatter,01/17] civetweb: ignore CVE-2025-9648 | expand

Commit Message

Gyorgy Sarvari Jan. 5, 2026, 10:02 a.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb6c928e322e26d358e8d01ba9d5af0a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
index 55c5ed8775..1a8d7ed725 100644
--- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
@@ -60,3 +60,5 @@  PACKAGE_BEFORE_PN += "\
 
 FILES:${PN}-bin = "${bindir}"
 FILES:${PN}-dev += "${datadir}/${BPN}/examples"
+
+CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"

[meta-oe,whinlatter,09/17] libcoap: ignore CVE-2025-50518

Commit Message

Patch