diff options
| author | Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | 2022-07-15 21:36:43 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-07-25 15:09:02 +0100 |
| commit | 868ebed326f9ce1b2b15c0c804171099db27ab3b (patch) | |
| tree | 6e6186bd24225727047dfc2ca0523e90f6fa80dd | |
| parent | 17c23e485e472baf117811688d172038b6f2130d (diff) | |
| download | poky-868ebed326f9ce1b2b15c0c804171099db27ab3b.tar.gz | |
cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST
Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch
(From OE-Core rev: 5cb48712e09ffb4198b36897495215e578f9fe62)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/conf/distro/include/cve-extra-exclusions.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 70442df991..f3490db9dd 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc | |||
| @@ -57,19 +57,19 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" | |||
| 57 | # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html | 57 | # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html |
| 58 | # qemu maintainers say the patch is incorrect and should not be applied | 58 | # qemu maintainers say the patch is incorrect and should not be applied |
| 59 | # Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable | 59 | # Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable |
| 60 | CVE_CHECK_IGNORE += "CVE-2021-20255" | 60 | CVE_CHECK_WHITELIST += "CVE-2021-20255" |
| 61 | 61 | ||
| 62 | # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 | 62 | # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 |
| 63 | # There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can | 63 | # There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can |
| 64 | # still be reproduced or where exactly any bug is. | 64 | # still be reproduced or where exactly any bug is. |
| 65 | # Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. | 65 | # Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. |
| 66 | CVE_CHECK_IGNORE += "CVE-2019-12067" | 66 | CVE_CHECK_WHITELIST += "CVE-2019-12067" |
| 67 | 67 | ||
| 68 | # nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 | 68 | # nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 |
| 69 | # It is a fuzzing related buffer overflow. It is of low impact since most devices | 69 | # It is a fuzzing related buffer overflow. It is of low impact since most devices |
| 70 | # wouldn't expose an assembler. The upstream is inactive and there is little to be | 70 | # wouldn't expose an assembler. The upstream is inactive and there is little to be |
| 71 | # done about the bug, ignore from an OE perspective. | 71 | # done about the bug, ignore from an OE perspective. |
| 72 | CVE_CHECK_IGNORE += "CVE-2020-18974" | 72 | CVE_CHECK_WHITELIST += "CVE-2020-18974" |
| 73 | 73 | ||
| 74 | 74 | ||
| 75 | 75 | ||