sassc: ignore CVE-2022-43357
This CVE is fixed in the current libsass recipe version.
So the wrapper around it will also not show this problem.
Its usual use case is to be statically linked with libsass, which is
probably the reason why this is listed as a vulnerable component.

[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
    are not present in this repository.

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] sass/libsass#3177
[3] sass/libsass#3184
[4] https://github.com/sass/sassc/

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
petermarko authored and kraj committed Dec 20, 2024
1 parent fc68a76 commit 5265753
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions meta-oe/recipes-support/sass/sassc_git.bb
Expand Up @@ -11,4 +11,6 @@ SRCREV = "66f0ef37e7f0ad3a65d2f481eff09d09408f42d0"
S = "${WORKDIR}/git"
PV = "3.6.2"

CVE_STATUS[CVE-2022-43357] = "cpe-incorrect: this is CVE for libsass, not sassc wrapper"

BBCLASSEXTEND = "native"
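
Review bot: The reason string on the added CVE_STATUS line records only "this is CVE for libsass, not sassc wrapper", while the commit message's actual argument is that sassc is normally statically linked with libsass and that the libsass recipe already carries the fix. That makes the ignore conditional on which libsass version is built alongside this recipe, and nothing in the recipe says so. Suggest adding a comment above the CVE_STATUS line that names the libsass fix (sass/libsass#3184) and the reliance on the fixed libsass recipe, so the entry is revisited if libsass is ever pinned or downgraded.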
