| Message ID | 20220715133515.14298-1-davide.gardenal@huawei.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | Armin Kuster |
| Headers | show |
| Series | [master,kirkstone,meta-networking] freeradius: ignore patched CVEs | expand |
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb index da7e60419..0afcb2d70 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb @@ -36,6 +36,11 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a" +CVE_CHECK_IGNORE = "\ + CVE-2002-0318 \ + CVE-2011-4966 \ +" + PARALLEL_MAKE = "" S = "${WORKDIR}/git"
CVE-2002-0318 and CVE-2011-4966 are both patched in our version of freeradius. The CPE in the NVD database doesn't reflect correctly the vulnerable versions that's why they are incorrectly picked up. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> --- .../recipes-connectivity/freeradius/freeradius_3.0.21.bb | 5 +++++ 1 file changed, 5 insertions(+)