diff options
author | Ross Burton <ross@burtonini.com> | 2022-01-10 12:19:32 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-01-11 10:53:44 +0000 |
commit | b31a0c63717e57bf68d345057185d8d4e7d7c926 (patch) | |
tree | fa7dc25c5e7dba0eba590c0f8d8f26be25112b2d /meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | |
parent | 6cbf2a490d2ee99e064c989a94b464df019bb6f6 (diff) | |
download | poky-b31a0c63717e57bf68d345057185d8d4e7d7c926.tar.gz |
xserver-xorg: whitelist two CVEs
CVE-2011-4613 is specific to Debian/Ubuntu.
CVE-2020-25697 is a non-trivial attack that may not actually be feasible
considering the default behaviour for clients is to exit if the
connection is lost.
(From OE-Core rev: afa2e6c31a79f75ff4113d53f618bbb349cd6c17)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg.inc')
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 4e88cf26f7..437d5a8861 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | |||
@@ -20,6 +20,14 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz" | |||
20 | UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" | 20 | UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" |
21 | 21 | ||
22 | CVE_PRODUCT = "xorg-server x_server" | 22 | CVE_PRODUCT = "xorg-server x_server" |
23 | # This is specific to Debian's xserver-wrapper.c | ||
24 | CVE_CHECK_WHITELIST += "CVE-2011-4613" | ||
25 | # As per upstream, exploiting this flaw is non-trivial and it requires exact | ||
26 | # timing on the behalf of the attacker. Many graphical applications exit if their | ||
27 | # connection to the X server is lost, so a typical desktop session is either | ||
28 | # impossible or difficult to exploit. There is currently no upstream patch | ||
29 | # available for this flaw. | ||
30 | CVE_CHECK_WHITELIST += "CVE-2020-25697" | ||
23 | 31 | ||
24 | S = "${WORKDIR}/${XORG_PN}-${PV}" | 32 | S = "${WORKDIR}/${XORG_PN}-${PV}" |
25 | 33 | ||