Message ID | 20230612110029.7522-1-peter.marko@siemens.com |
---|---|
State | New |
Headers | show |
Series | [meta-oe,kirkstone] c-ares: ignore CVE-2023-31124 | expand |
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 5614d1310..180e2f3e9 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -21,3 +21,7 @@ PACKAGES =+ "${PN}-utils" FILES:${PN}-utils = "${bindir}" BBCLASSEXTEND = "native nativesdk" + +# this vulneribility applies only when cross-compiling using autotools +# yocto cross-compiles via cmake which is also listed as official workaround +CVE_CHECK_IGNORE += "CVE-2023-31124"