qemu: Exclude CVE-2020-3550[4/5/6] from cve-check

CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O). On Sparc32 it is the NCR89C100 part of the chip. On Macintosh Quadra it is NCR53C96. Both are not supported by yocto. (From OE-Core rev: e3ded54f9fd089382e6304604ca02d2305f16f21) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sakib Sajal <sakib.sajal@windriver.com> 2021-05-30 19:23:19 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-06-02 23:32:44 +0100
commit: e86a1ca689b80355dd852ae9a7a4511b14b929de (patch)
tree: b43439a06f8357f42ee53ceb2a38560934093418
parent: 587d07fe3f355478d936cda6945da77f69668a03 (diff)
download: poky-e86a1ca689b80355dd852ae9a7a4511b14b929de.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index fbda0c9174..3921546df7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -76,6 +76,15 @@ CVE_CHECK_WHITELIST += "CVE-2007-0998"
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
 CVE_CHECK_WHITELIST += "CVE-2018-18438"
+# Following CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O).
+# On Sparc32 it is the NCR89C100 part of the chip.
+# On Macintosh Quadra it is NCR53C96.
+# Both are not supported by yocto.
+# Reference: https://www.openwall.com/lists/oss-security/2021/04/16/3
+CVE_CHECK_WHITELIST += "CVE-2020-35504"
+CVE_CHECK_WHITELIST += "CVE-2020-35505"
+CVE_CHECK_WHITELIST += "CVE-2020-35506"
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"
author	Sakib Sajal <sakib.sajal@windriver.com>	2021-05-30 19:23:19 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-06-02 23:32:44 +0100
commit	e86a1ca689b80355dd852ae9a7a4511b14b929de (patch)
tree	b43439a06f8357f42ee53ceb2a38560934093418
parent	587d07fe3f355478d936cda6945da77f69668a03 (diff)
download	poky-e86a1ca689b80355dd852ae9a7a4511b14b929de.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index fbda0c9174..3921546df7 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -76,6 +76,15 @@ CVE_CHECK_WHITELIST += "CVE-2007-0998"
76	# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11	76	# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
77	CVE_CHECK_WHITELIST += "CVE-2018-18438"	77	CVE_CHECK_WHITELIST += "CVE-2018-18438"
78		78
		79	# Following CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O).
		80	# On Sparc32 it is the NCR89C100 part of the chip.
		81	# On Macintosh Quadra it is NCR53C96.
		82	# Both are not supported by yocto.
		83	# Reference: https://www.openwall.com/lists/oss-security/2021/04/16/3
		84	CVE_CHECK_WHITELIST += "CVE-2020-35504"
		85	CVE_CHECK_WHITELIST += "CVE-2020-35505"
		86	CVE_CHECK_WHITELIST += "CVE-2020-35506"
		87
79	COMPATIBLE_HOST_mipsarchn32 = "null"	88	COMPATIBLE_HOST_mipsarchn32 = "null"
80	COMPATIBLE_HOST_mipsarchn64 = "null"	89	COMPATIBLE_HOST_mipsarchn64 = "null"
81		90