diff mbox series

xserver-xorg: update CVE_PRODUCT

Message ID 20211229013456.474188-1-anuj.mittal@intel.com
State Accepted, archived
Commit 4d5d63cf8605515bb659b6b732683d7fe6540728
Headers show
Series xserver-xorg: update CVE_PRODUCT | expand

Commit Message

Mittal, Anuj Dec. 29, 2021, 1:34 a.m. UTC 
Some of the CVEs have x_server as the product name.

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Richard Purdie Jan. 10, 2022, 11:59 a.m. UTC | #1 
On Wed, 2021-12-29 at 09:34 +0800, Anuj Mittal wrote:
> Some of the CVEs have x_server as the product name.
> 
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> ---
>  meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> index 7d1f17e7777..4e88cf26f72 100644
> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
>  
>  UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
>  
> -CVE_PRODUCT = "xorg-server"
> +CVE_PRODUCT = "xorg-server x_server"
>  
>  S = "${WORKDIR}/${XORG_PN}-${PV}"
>  

This does add a number of CVEs for master. Do you have updates for those? They
mostly look like things we probably would add to the ignore list at a quick
glance?

Cheers,

Richard
Ross Burton Jan. 10, 2022, 3:33 p.m. UTC | #2 
I sent a patch to whitelist two, and the other will be dealt with via
a CPE update.

Ross

On Mon, 10 Jan 2022 at 11:59, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Wed, 2021-12-29 at 09:34 +0800, Anuj Mittal wrote:
> > Some of the CVEs have x_server as the product name.
> >
> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> > ---
> >  meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> > index 7d1f17e7777..4e88cf26f72 100644
> > --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> > +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> > @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
> >
> >  UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
> >
> > -CVE_PRODUCT = "xorg-server"
> > +CVE_PRODUCT = "xorg-server x_server"
> >
> >  S = "${WORKDIR}/${XORG_PN}-${PV}"
> >
>
> This does add a number of CVEs for master. Do you have updates for those? They
> mostly look like things we probably would add to the ignore list at a quick
> glance?
>
> Cheers,
>
> Richard
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#160344): https://lists.openembedded.org/g/openembedded-core/message/160344
> Mute This Topic: https://lists.openembedded.org/mt/88007560/1676615
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross@burtonini.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 7d1f17e7777..4e88cf26f72 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -19,7 +19,7 @@  SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
 
 UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
 
-CVE_PRODUCT = "xorg-server"
+CVE_PRODUCT = "xorg-server x_server"
 
 S = "${WORKDIR}/${XORG_PN}-${PV}"