Skip to content

Commit

Permalink
src/poky:libarchive: ignore CVE-2023-30571
Browse files Browse the repository at this point in the history 
This issue was reported and discusses under [1] which is linked in NVD CVE report.
It was already documented that some parts or libarchive are thread safe and some not.
[2] was now merged to document that also reported function is not thread safe.
So this CVE *now* reports thread race condition for non-thread-safe function.
And as such the CVE report is now invalid.

The issue is still not closed for 2 reasons:
* better document what is and what is not thread safe
* request to public if someone could make these functions thread safe
This should however not invalidate above statment about ignoring this CVE.

[1] libarchive/libarchive#1876
[2] libarchive/libarchive#1875

(From OE-Core rev: 9b5b850d6a6982bb8ff14dcfbb6769b293638293)

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
  • Loading branch information
@petermarko @rpurdie
petermarko authored and rpurdie committed Jul 30, 2023
1 parent 187b96b commit 5889e88
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/poky
Submodule poky updated from 2f54f9 to 5dd5f0

0 comments on commit 5889e88

Please sign in to comment.