authorMikko Rapeli <mikko.rapeli@bmw.de>2021-01-15 19:05:44 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-01-16 22:39:36 +0000
commit615cb60fd4e3f71293f7debb9dd19a183437ad4d (patch)
tree3c2f7c9ed1afa96018cf74224eb3b4c2790d55be /meta/recipes-extended
parent93543e99605684d65125859ce1104ea74e2452cf (diff)
zip: whitelist CVE-2018-13410 and CVE-2018-13684
https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and also Debian considers it not a vulnerability: https://security-tracker.debian.org/tracker/CVE-2018-13410 http://seclists.org/fulldisclosure/2018/Jul/24 "Negligible security impact, would involve that a untrusted party controls the -TT value." https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this: https://security-tracker.debian.org/tracker/CVE-2018-13684 "NOT-FOR-US: smart contract implementation for ZIP" (From OE-Core rev: 06b72a91b6dcf63fed437fd2105c59e922ba6525) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/zip/zip_3.0.bb6
1 files changed, 6 insertions, 0 deletions
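--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -19,6 +19,12 @@ UPSTREAM_VERSION_UNKNOWN = "1"
 SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
 SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"
 
+# Disputed and also Debian doesn't consider a vulnerability
+CVE_CHECK_WHITELIST += "CVE-2018-13410"
+
+# Not for zip but for smart contract implementation for it
+CVE_CHECK_WHITELIST += "CVE-2018-13684"
+
 # zip.inc sets CFLAGS, but what Makefile actually uses is
 # CFLAGS_NOOPT. It will also force -O3 optimization, overriding
 # whatever we set.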
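Review bot: The two comments above the added `CVE_CHECK_WHITELIST` lines record the conclusion but not the evidence, and in a recipe these comments are what a later audit of suppressed CVEs will actually read. For CVE-2018-13410 I would carry the condition from the commit message into the file, e.g. `# Disputed: needs an untrusted party to control the -TT value; see https://security-tracker.debian.org/tracker/CVE-2018-13410`. For CVE-2018-13684 the wording "smart contract implementation for it" reads as if the issue were tied to this package, whereas the Debian text quoted in the commit message marks it NOT-FOR-US, so `# NOT-FOR-US per Debian tracker ("smart contract implementation for ZIP"), unrelated to this zip utility` would be clearer. Since a whitelist entry keeps the checker silent until someone removes it, the dispute status of CVE-2018-13410 is worth re-checking whenever this recipe is next touched.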