poky/meta/recipes-graphics/libsdl2
Peter Marko c6bb0ec77c libsdl2: ignore CVE-2020-14409 and CVE-2020-14410
This was fixed in 2.0.14, but NVD DB lists > 2.0.20 causing
false positives in CVE metrics.

NVD entries [1] and [2] list commit [3] which redirects to commit [4].
Also Debian 10 uses this commit, while Debian 11 with 2.0.14 does not
patch it and claims it's fixed.

Trying to apply the patch shows it's already applied.

The following shows the git history of this commit wrt tags.
SDL$ git describe a7ff6e96155f550a5597621ebeddd03c98aa9294 --tags
release-2.0.12-305-ga7ff6e961
SDL$ git describe release-2.0.14 --tags --match=release-2.0.12
release-2.0.12-873-g4cd981609
SDL$ git describe release-2.0.20 --tags --match=release-2.0.12
release-2.0.12-3126-gb424665e0

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-14409
[2] https://nvd.nist.gov/vuln/detail/CVE-2020-14410
[3] https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
[4] a7ff6e9615

(From OE-Core rev: 3079d562b4df69ab0ac20ec8d13a4240ce0a3514)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-16 05:58:03 -08:00
libsdl2 libsdl2: fix CVE-2022-4743 2023-03-09 13:19:02 +00:00
libsdl2_2.0.20.bb libsdl2: ignore CVE-2020-14409 and CVE-2020-14410 2024-12-16 05:58:03 -08:00