cve-check.bbclass: CVE-2014-2524 / readline v5.2 - linux/poky.git

diff options

author	André Draszik <adraszik@tycoint.com>	2016-11-04 11:06:31 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-01-11 17:21:41 +0000
commit	53ad465b40a772c55e949448a33a06e5e781e7d4 (patch)
tree	7697571c04ed2b0f66234ad92dd373f3b5f3f820 /meta/recipes-support
parent	2336faa9aa896c991f5de12b2f62d4bffe7d30d3 (diff)
download	poky-53ad465b40a772c55e949448a33a06e5e781e7d4.tar.gz

cve-check.bbclass: CVE-2014-2524 / readline v5.2

Contrary to the CVE report, the vulnerable trace functions don't exist in readline v5.2 (which we keep for GPLv2+ purposes), they were added in readline v6.0 only - let's whitelist that CVE in order to avoid false positives. See also the discussion in https://patchwork.openembedded.org/patch/81765/ (From OE-Core rev: b881a288eec598002685f68da80a24e0478fa496) (From OE-Core rev: b4498a6b734661fdfe3ff4e0a9850e796b72005c) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-support')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: