[kirkstone][dunfell] CVE-2023-25193 fix request

[kirkstone][dunfell] CVE-2023-25193 fix request

[DC]

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

Hi Team,

We are working on CVE-2023-25193 for kirkstone and dunfell branch as it is causing errors in our applications.
There have been previous threads pointing to the issues that backporting is difficult due to code changes and new files being added and there are no second thoughts for the same.

Could you please suggest how can we proceed to fix it ? Version updates is out of scope due to various internal reasons. If anyone can help, it would be great help.

Thanks,

DC

[-- Attachment #2: Type: text/html, Size: 547 bytes --]

Re: [OE-core] [kirkstone][dunfell] CVE-2023-25193 fix request

[Polampalli, Archana]

[-- Attachment #1: Type: text/plain, Size: 1211 bytes --]

Hi,

One of my team member has worked on it and she will submit patch to upstream kirkstone in one or two days.

Regards,
Archana
________________________________
From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> on behalf of DC via lists.openembedded.org <davidcorbe=outlook.com@lists.openembedded.org>
Sent: Friday, March 10, 2023 12:59 PM
To: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: [OE-core] [kirkstone][dunfell] CVE-2023-25193 fix request

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hi Team,

We are working on CVE-2023-25193 for kirkstone and dunfell branch as it is causing errors in our applications.
There have been previous threads pointing to the issues that backporting is difficult due to code changes and new files being added and there are no second thoughts for the same.


Could you please suggest how can we proceed to fix it ? Version updates is out of scope due to various internal reasons. If anyone can help, it would be great help.


Thanks,

DC

[-- Attachment #2: Type: text/html, Size: 3012 bytes --]

Re: [kirkstone][dunfell] CVE-2023-25193 fix request

[Siddharth]

[-- Attachment #1: Type: text/plain, Size: 292 bytes --]

The Backport was a bit tricky but i feel its done.

I have submitted for kirkstone branch and the all the tests passed on my end.

Will be submitting it for dunfell soon too.

Let me know incase if the problem still persists. If it passes, i am happy to help :)

Regards,
Siddharth

[-- Attachment #2: Type: text/html, Size: 359 bytes --]

Re: [kirkstone][dunfell] CVE-2023-25193 fix request

[DC]

[-- Attachment #1: Type: text/plain, Size: 291 bytes --]

Siddharth and Steve ,

a little late but thank-you for the patch.

we were in the process of rigorous testing and it has passed with submitted patches on all 3 branches and our applications are running smoothly even on corner cases which were vulnerable due to the CVE.

Regards,
DC

[-- Attachment #2: Type: text/html, Size: 320 bytes --]