summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndré Draszik <adraszik@tycoint.com>2016-11-04 11:06:31 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-11-15 15:19:54 +0000
commitfe5c48dddf4bf6555be701bf38c316718b1c1794 (patch)
tree9156a444ebcb6a80cf1543a15a921c4062d23bc1
parent85c9b9f9c602459b32f8f301b161c9a3f6f14d4e (diff)
downloadpoky-fe5c48dddf4bf6555be701bf38c316718b1c1794.tar.gz
cve-check.bbclass: CVE-2014-2524 / readline v5.2
Contrary to the CVE report, the vulnerable trace functions don't exist in readline v5.2 (which we keep for GPLv2+ purposes), they were added in readline v6.0 only - let's whitelist that CVE in order to avoid false positives. See also the discussion in https://patchwork.openembedded.org/patch/81765/ (From OE-Core rev: b881a288eec598002685f68da80a24e0478fa496) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass2
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 1425a40554..b0febfb2e5 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -39,7 +39,7 @@ CVE_CHECK_PN_WHITELIST = "\
39 39
40# Whitelist for CVE and version of package 40# Whitelist for CVE and version of package
41CVE_CHECK_CVE_WHITELIST = "{\ 41CVE_CHECK_CVE_WHITELIST = "{\
42 'CVE-2014-2524': ('6.3',), \ 42 'CVE-2014-2524': ('6.3','5.2',), \
43}" 43}"
44 44
45python do_cve_check () { 45python do_cve_check () {