diff mbox series

[kirkstone,v2] sqlite3: ignore CVE-2024-0232

Message ID 20240131225230.55587-1-peter.marko@siemens.com
State Accepted, archived
Delegated to: Steve Sakoman
Headers show
Series [kirkstone,v2] sqlite3: ignore CVE-2024-0232 | expand

Commit Message

Marko, Peter Jan. 31, 2024, 10:52 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

This CVE reports bug which was fixed in 3.43.2 by [1].
Code analysis shows that it is fixing caching issue
and this cache was introduced by [2].
This landed only in 3.43.0 so 3.38.5 is not affected.

[1] https://sqlite.org/src/info/5b09212ac05615fc
[2] https://sqlite.org/src/info/2dbb22c75e86f2e3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index cece207eae..f061b0aa48 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -17,3 +17,5 @@  CVE_CHECK_IGNORE += "CVE-2019-19242"
 CVE_CHECK_IGNORE += "CVE-2015-3717"
 # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
 CVE_CHECK_IGNORE += "CVE-2021-36690"
+# This was introduced in 3.43.0, 3.38.5 is not yet affected
+CVE_CHECK_IGNORE += "CVE-2024-0232"