author | Ross Burton <ross.burton@arm.com> | 2023-09-04 22:33:22 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-06 17:52:45 +0100 |
commit | 0dd973297d9c260e7bb82a09159a5056f1de87de (patch) | |
tree | 30577e7ffd538ab6cb657339fa3162de40d7fe05 | |
parent | 733afeffd19a2ae3af34abe95e514cb4b99cd366 (diff) | |
download | poky-0dd973297d9c260e7bb82a09159a5056f1de87de.tar.gz |
linux: review some historic CVE_STATUS
Do manual review and disposition these CVEs as appropriate.
(From OE-Core rev: a8db0735e228465715cf885d3b889fddfd68efc6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/conf/distro/include/cve-extra-exclusions.inc | 4 | ||||
-rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion.inc | 12 |
2 files changed, 13 insertions, 3 deletions
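--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -68,9 +68,7 @@ replacing bdb with supported and open source friendly alternatives. As a result
 CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_HISTORIC"
 
 CVE_STATUS_KERNEL_HISTORIC = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 \
-CVE-2008-2544 CVE-2008-4609 CVE-2010-0298 CVE-2010-4563 CVE-2011-0640 \
-CVE-2014-2648 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 CVE-2017-1000377 \
-CVE-2017-6264"
+CVE-2008-2544 CVE-2008-4609 CVE-2010-0298 CVE-2010-4563 CVE-2011-0640"
 CVE_STATUS_KERNEL_HISTORIC[status] = "ignored"
 
 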
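Review bot: Dropping the six IDs from `CVE_STATUS_KERNEL_HISTORIC` narrows where their disposition applies, because the group in this distro-wide include is replaced by per-CVE entries in `meta/recipes-kernel/linux/cve-exclusion.inc`, which presumably only reaches recipes that include that file. Kernel recipes that do not pull it in (BSP or vendor kernels, for instance) may start reporting these CVEs as unpatched in cve-check output. If that is intended, a comment above the group such as `# Individually reviewed kernel CVEs live in meta/recipes-kernel/linux/cve-exclusion.inc` would tell layer maintainers where the entries went.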
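--- a/meta/recipes-kernel/linux/cve-exclusion.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -1,3 +1,15 @@
+CVE_STATUS[CVE-2014-2648] = "cpe-incorrect: not Linux"
+
+CVE_STATUS[CVE-2016-0774] = "ignored: result of incomplete backport"
+
+CVE_STATUS[CVE-2016-3695] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2016-3699] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2017-6264] = "not-applicable-platform: Android specific"
+
+CVE_STATUS[CVE-2017-1000377] = "not-applicable-platform: GRSecurity specific"
+
 CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu"
 
 CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto"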
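Review bot: The new entry for CVE-2016-0774 keeps the generic `ignored` status, and its reason, `result of incomplete backport`, does not say whose backport it was or why kernels built from this recipe are unaffected. If the flaw exists only in a distributor's backported fix, the entry would be clearer with the same status as its neighbours, for example `CVE_STATUS[CVE-2016-0774] = "not-applicable-platform: <distributor> backport only"` (the vendor name is a placeholder to fill in). None of the six added entries carries a comment pointing to the advisory or upstream commit behind the disposition; a one-line `# <advisory URL>` above each would let an auditor recheck the call without repeating the research.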