1 files changed, 13 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
index 445ed87e4..60bc26bf1 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838
 CVE_PRODUCT = "apple:mdnsresponder"
+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
+# https://security-tracker.debian.org/tracker/CVE-2007-0613
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+CVE_CHECK_WHITELIST += "CVE-2007-0613"
 PARALLEL_MAKE = ""
 S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"

diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb index 445ed87e4..60bc26bf1 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838
27		27
28	CVE_PRODUCT = "apple:mdnsresponder"	28	CVE_PRODUCT = "apple:mdnsresponder"
29		29
		30	# CVE-2007-0613 is not applicable as it only affects Apple products
		31	# i.e. ichat,mdnsresponder, instant message framework and MacOS.
		32	# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
		33	# affected by CVE-2007-0613 which is not preset in upstream source code.
		34	# Hence, CVE-2007-0613 does not affect other Yocto implementations and
		35	# is not reported for other distros can be marked whitelisted.
		36	# Links:
		37	# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
		38	# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
		39	# https://security-tracker.debian.org/tracker/CVE-2007-0613
		40	# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
		41	CVE_CHECK_WHITELIST += "CVE-2007-0613"
		42
30	PARALLEL_MAKE = ""	43	PARALLEL_MAKE = ""
31		44
32	S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"	45	S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"