author Richard Purdie <richard.purdie@linuxfoundation.org> 2022-06-30 13:30:12 +0100
committer Richard Purdie <richard.purdie@linuxfoundation.org> 2022-07-15 12:29:17 +0100
commit ca90350d1370e46715075f3d5ac5fd87da258423 (patch)
tree 495de826d2e521b6eaac3b3a733baa5e078750f4 /meta/conf/distro
parent 159a2de14680e9f0617da98691d6ee5ac6f96875 (diff)
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
Remove obsolete comments/data from the file. Add in three CVEs to ignore. Two are qemu CVEs which upstream aren't particularly interested in and aren't serious issues. Also ignore the nasm CVE found from fuzzing as this isn't an issue we'd expose from OE.

(From OE-Core rev: b82c95720488eea8ea4b5684c9f89e4931085fa5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68291026aab2fa6ee1260ca95198dd1d568521e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/conf/distro')
-rw-r--r-- meta/conf/distro/include/cve-extra-exclusions.inc 31
1 files changed, 15 insertions, 16 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index e02a4d1fde..70442df991 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -53,24 +53,23 @@ CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4
53CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \ 53CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
54CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" 54CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
55 55
56#### CPE update pending ####
57
58# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
59# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
60# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
61#CVE_CHECK_WHITELIST += "CVE-2000-0803"
62
63
64
65#### Upstream still working on ####
66
67# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 56# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
68# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html 57# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
69# however qemu maintainers are sure the patch is incorrect and should not be applied. 58# qemu maintainers say the patch is incorrect and should not be applied
70 59# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable
71# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 60CVE_CHECK_IGNORE += "CVE-2021-20255"
72# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html 61
73# No response upstream as of 2021/5/12 62# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067
63# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can
64# still be reproduced or where exactly any bug is.
65# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one.
66CVE_CHECK_IGNORE += "CVE-2019-12067"
67
68# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
69# It is a fuzzing related buffer overflow. It is of low impact since most devices
70# wouldn't expose an assembler. The upstream is inactive and there is little to be
71# done about the bug, ignore from an OE perspective.
72CVE_CHECK_IGNORE += "CVE-2020-18974"
74 73
75 74
76 75
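Review bot: The CVE-2019-12067 entry (new lines 62-66) says a proposed patch was rejected by upstream qemu but, unlike the CVE-2021-20255 entry above it, gives no link to that patch or to the upstream discussion, and none of the three new entries carries a review date the way the removed comments did ("2021/5/9", "2021/5/12"). Please add the reference and a date to each rationale so the ignores can be re-evaluated later instead of staying in place indefinitely. Two smaller points: "perspectivee" in the CVE-2021-20255 comment (new line 59) should be "perspective", and the removed wget CVE-2021-31879 note appears in this hunk only as a comment with no ignore line, so dropping it removes the file's only tracking record for that CVE; the commit message should say whether that is intentional.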