diff options
| author | André Draszik <adraszik@tycoint.com> | 2016-11-04 11:06:31 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-15 15:19:54 +0000 |
| commit | fe5c48dddf4bf6555be701bf38c316718b1c1794 (patch) | |
| tree | 9156a444ebcb6a80cf1543a15a921c4062d23bc1 | |
| parent | 85c9b9f9c602459b32f8f301b161c9a3f6f14d4e (diff) | |
| download | poky-fe5c48dddf4bf6555be701bf38c316718b1c1794.tar.gz | |
cve-check.bbclass: CVE-2014-2524 / readline v5.2
Contrary to the CVE report, the vulnerable trace functions
don't exist in readline v5.2 (which we keep for GPLv2+
purposes), they were added in readline v6.0 only - let's
whitelist that CVE in order to avoid false positives.
See also the discussion in
https://patchwork.openembedded.org/patch/81765/
(From OE-Core rev: b881a288eec598002685f68da80a24e0478fa496)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 1425a40554..b0febfb2e5 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -39,7 +39,7 @@ CVE_CHECK_PN_WHITELIST = "\ | |||
| 39 | 39 | ||
| 40 | # Whitelist for CVE and version of package | 40 | # Whitelist for CVE and version of package |
| 41 | CVE_CHECK_CVE_WHITELIST = "{\ | 41 | CVE_CHECK_CVE_WHITELIST = "{\ |
| 42 | 'CVE-2014-2524': ('6.3',), \ | 42 | 'CVE-2014-2524': ('6.3','5.2',), \ |
| 43 | }" | 43 | }" |
| 44 | 44 | ||
| 45 | python do_cve_check () { | 45 | python do_cve_check () { |