Re: CVE-Request - bitbake

[Florian Weimer <fw () deneb enyo de>]

* Maxin John:

> Executing "bitbake -g -u depexp <package>" when DISPLAY is not
> properly set causes segfault and a denial of service (through OOM) via
> a crafted script.
>
> Bug Report URL:
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7299

I'm not sure if this is a security vulnerability in Bitbake.  It's a
build tool, right?  If the build jobs are not constraint externally,
the build commands could cause resource exhaustion in their own right,
I think.