author | Mikko Rapeli <mikko.rapeli@bmw.de> | 2021-01-15 19:05:44 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-21 23:08:16 +0000 |
commit | df729eb610ca5f55b231a09535501a2ba4c5401b (patch) | |
tree | 2071393b59b21743bb19e07a21b66b0ac86a63c3 /meta/recipes-connectivity | |
parent | 3cc87ea759f42194d43b1f154c5eb334074ca1ad (diff) | |
download | poky-df729eb610ca5f55b231a09535501a2ba4c5401b.tar.gz |

zip: whitelist CVE-2018-13410 and CVE-2018-13684

https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:

https://security-tracker.debian.org/tracker/CVE-2018-13410
http://seclists.org/fulldisclosure/2018/Jul/24

"Negligible security impact, would involve that a untrusted party controls the -TT value."

https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:

https://security-tracker.debian.org/tracker/CVE-2018-13684

"NOT-FOR-US: smart contract implementation for ZIP"

(From OE-Core rev: 872342a37d6159844fcb8d9f0cbf37f011643195)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 06b72a91b6dcf63fed437fd2105c59e922ba6525)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-connectivity')
0 files changed, 0 insertions, 0 deletions