zlib: ignore CVE-2023-6992

This CVE is for iCPE cloudflare:zlib. Alternative to ignoring would be to limit CVE_PRODUCT, but historic CVEs already have two - gnu:zlib and zlib:zlib. So limiting it could miss future CVEs. (From OE-Core rev: 5dc87309639e78195eb1283afc193f6eac63b044) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2024-01-13 19:08:48 +0100
committer: Steve Sakoman <steve@sakoman.com> 2024-01-21 08:33:19 -1000
commit: 7e3b27865d62ecf75ec3b374888d9bafd7e7f5fc (patch)
tree: 819fe2f613e52f60b77260757a4c00a4ed39b869
parent: 2f7e1a230e17860dfc8fb735d4778510600a42db (diff)
download: poky-7e3b27865d62ecf75ec3b374888d9bafd7e7f5fc.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index 910fc2ec17..9355f0556e 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -53,3 +53,6 @@ do_install_append_class-target() {
 }
 BBCLASSEXTEND = "native nativesdk"
+# this CVE is for cloudflare zlib
+CVE_CHECK_WHITELIST += "CVE-2023-6992"
author	Peter Marko <peter.marko@siemens.com>	2024-01-13 19:08:48 +0100
committer	Steve Sakoman <steve@sakoman.com>	2024-01-21 08:33:19 -1000
commit	7e3b27865d62ecf75ec3b374888d9bafd7e7f5fc (patch)
tree	819fe2f613e52f60b77260757a4c00a4ed39b869
parent	2f7e1a230e17860dfc8fb735d4778510600a42db (diff)
download	poky-7e3b27865d62ecf75ec3b374888d9bafd7e7f5fc.tar.gz

diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index 910fc2ec17..9355f0556e 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -53,3 +53,6 @@ do_install_append_class-target() {
53	}	53	}
54		54
55	BBCLASSEXTEND = "native nativesdk"	55	BBCLASSEXTEND = "native nativesdk"
		56
		57	# this CVE is for cloudflare zlib
		58	CVE_CHECK_WHITELIST += "CVE-2023-6992"