diff options
author | Peter Marko <peter.marko@siemens.com> | 2023-06-02 11:18:20 +0200 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2023-06-04 22:29:45 -0700 |
commit | 81c18e0797694d74198a737dac08a3e8f631cac9 (patch) | |
tree | 4466662c7344f6fb1c370d4b0e4d481b4d675f80 /meta-oe | |
parent | 110f60fff7af288490ac3734685a1422d2724a5c (diff) | |
download | meta-openembedded-81c18e0797694d74198a737dac08a3e8f631cac9.tar.gz |
nss: ignore CVE-2022-3479
Investigation based on https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 leads to following:
* fixed in 3.87
(https://hg.mozilla.org/projects/nss/rev/a7f363511333b8062945557607691002fd6e40b9)
* changed code was introduced in 3.77
(https://hg.mozilla.org/projects/nss/rev/be6a97823bfe10fa08e17c9584938a2d525a38da)
* NVD claims fix in 3.81, but there is no evidence for it in commit history
(https://hg.mozilla.org/projects/nss/graph/a7f363511333b8062945557607691002fd6e40b9)
* Debian also says for old versions "nss <not-affected> (Vulnerable code not present/was introduced later)"
(https://security-tracker.debian.org/tracker/CVE-2022-3479)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-support/nss/nss_3.74.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-oe/recipes-support/nss/nss_3.74.bb index a7048f0fe..38407a7c4 100644 --- a/meta-oe/recipes-support/nss/nss_3.74.bb +++ b/meta-oe/recipes-support/nss/nss_3.74.bb | |||
@@ -289,3 +289,6 @@ CVE_CHECK_IGNORE += "CVE-2006-5201" | |||
289 | # CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect | 289 | # CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect |
290 | # the legacy db (libnssdbm), only compiled with --enable-legacy-db. | 290 | # the legacy db (libnssdbm), only compiled with --enable-legacy-db. |
291 | CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698" | 291 | CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698" |
292 | |||
293 | # vulnerability was introduced in 3.77 and fixed in 3.87 | ||
294 | CVE_CHECK_IGNORE += "CVE-2022-3479" | ||