Diffstat (limited to 'meta/conf/distro/include')
-rw-r--r-- | meta/conf/distro/include/cve-extra-exclusions.inc | 12 |
1 files changed, 6 insertions, 6 deletions
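--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -19,7 +19,7 @@
 # strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
 # CVE is more than 20 years old with no resolution evident
 # broken links in CVE database references make resolution impractical
-CVE_CHECK_WHITELIST += "CVE-2000-0006"
+CVE_CHECK_IGNORE += "CVE-2000-0006"
 
 # epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
 # The issue here is spoofing of domain names using characters from other character sets.
@@ -28,26 +28,26 @@ CVE_CHECK_WHITELIST += "CVE-2000-0006"
 # there is unlikely ever to be a single fix to webkit or epiphany which addresses this
 # problem. Whitelisted as there isn't any mitigation or fix or way to progress this further
 # we can seem to take.
-CVE_CHECK_WHITELIST += "CVE-2005-0238"
+CVE_CHECK_IGNORE += "CVE-2005-0238"
 
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
 # Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
 # Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
 # Upstream don't see it as a security issue, ftp servers shouldn't be passing
 # this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
-CVE_CHECK_WHITELIST += "CVE-2010-4756"
+CVE_CHECK_IGNORE += "CVE-2010-4756"
 
 # go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
 # go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
 # The encoding/xml package in go can potentially be used for security exploits if not used correctly
 # CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
 # exposing this interface in an exploitable way
-CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
+CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
 
 # db
 # Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
 # supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
-CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE_CHECK_IGNORE += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
 CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
 CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
 CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
@@ -58,7 +58,7 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
 # groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
 # Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
 # so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
-#CVE_CHECK_WHITELIST += "CVE-2000-0803"
+#CVE_CHECK_IGNORE += "CVE-2000-0803"
 
 
 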
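Review bot: The prose comment at file line 29 in the second hunk still reads "Whitelisted as there isn't any mitigation or fix..." after every assignment in the file was renamed from CVE_CHECK_WHITELIST to CVE_CHECK_IGNORE, so the rationale text no longer matches the variable it explains. Change it to `# problem. Ignored as there isn't any mitigation or fix or way to progress this further` so a reader grepping for the new term finds the justification alongside the entry. The trailing context of the second hunk (`@@ -28,26 +28,26 @@`) ends mid-assignment at file line 53, so the rest of the db CVE list is outside this view and I cannot confirm it needs no further edits.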