Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[kirkstone] libpcre2: patch CVE-2022-41409 #110

Merged
merged 1 commit into from
Sep 11, 2023
Merged

[kirkstone] libpcre2: patch CVE-2022-41409 #110

merged 1 commit into from
Sep 11, 2023

Conversation

amstewart
Copy link

Cherry-pick a fix for CVE-2022-41409 which has already been merged in the upstream OE-core kirkstone stable branch for several weeks.

Backport commit mentioned in NVD DB links.
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 410cdbc70cfba709ec5bef508e772f52514ba28a)

NI AZDO ID: https://dev.azure.com/ni/DevCentral/_workitems/edit/2517362

Testing

  • Built libpcre2 locally and confirmed that the recipe still works.

@petermarko @amstewart
libpcre2: patch CVE-2022-41409
319cbce 
Backport commit mentioned in NVD DB links.
PCRE2Project/pcre2@94e1c00

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 410cdbc)
@amstewart amstewart requested a review from a team September 11, 2023 18:06
@chaitu236
Copy link

Cherry-pick a fix for GHSA-4qfx-v7wh-3q4j which has already been merged in the upstream OE-core kirkstone stable branch for several weeks.

Do you know why we didn't get this as part of regular upstream merge #108 ?

@SparkingSpork

@xhuff
Copy link

xhuff commented Sep 11, 2023
edited by ni-vsts-admins
Loading

@chaitu236 my guess is because the meta-oe commit was on July 31 and @SparkingSpork's merge PR was on 8/2 (and he started working on AB#2395767 on 8/1), we just missed it (i.e. Charlie's local merge was probably before the commit went in)

@amstewart amstewart merged commit ac20563 into ni:nilrt/master/kirkstone Sep 11, 2023
@amstewart amstewart deleted the dev/kirkstone/libpcre2 branch September 11, 2023 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chaitu236 chaitu236 chaitu236 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@amstewart @chaitu236 @xhuff @petermarko