[dunfell] flex: Exclude CVE-2015-1773 from cve-check.

Message ID 20230901040819.725503-1-dnagodra@cisco.com
State Accepted, archived

Commit Message

Issue only affects Apache.

Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
---
 meta/recipes-devtools/flex/flex_2.6.4.bb | 2 ++
 1 file changed, 2 insertions(+)

Comments

Marko, Peter Sept. 1, 2023, 9:48 a.m. UTC | #1
-----Original Message-----
From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Dhairya Nagodra via lists.openembedded.org
Sent: Friday, September 1, 2023 6:08
To: openembedded-core@lists.openembedded.org
Cc: Qi.Chen@windriver.com; xe-linux-external@cisco.com; Dhairya Nagodra <dnagodra@cisco.com>
Subject: [OE-core] [dunfell] [PATCH] flex: Exclude CVE-2015-1773 from cve-check.

> Issue only affects Apache.
>
> Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
> ---
>  meta/recipes-devtools/flex/flex_2.6.4.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb
> index 1ac88d65ef..5be7351f4c 100644
> --- a/meta/recipes-devtools/flex/flex_2.6.4.bb
> +++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
> @@ -31,6 +31,8 @@ CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \  there is stack exhaustion but no bug and it is building the \  parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
>  
> +CVE_STATUS[CVE-2015-1773] = "not-applicable-platform: Issue only affects Apache."

dunfell does not support CVE_STATUS flags, you need to use CVE_CHECK_WHITELIST

Additionally, this CVE is not reported for current dunfell version as CVE_PRODUCT is set correctly.

> +
>  inherit autotools gettext texinfo ptest github-releases
>  
>  M4 = "${bindir}/m4"
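
Review bot: The status on the added CVE_STATUS[CVE-2015-1773] line does not match its reason: not-applicable-platform says the flaw is tied to a platform, while "Issue only affects Apache." says it belongs to a different product. Name the affected Apache product in the reason and state why the CVE is matched against this recipe, and use a status that describes a product mismatch (cpe-incorrect, if the target branch's status map defines it), so that someone auditing the exclusion later can verify it from the recipe alone.
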
> --
> 2.35.6

Patch

diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb
index 1ac88d65ef..5be7351f4c 100644
--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -31,6 +31,8 @@  CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \
 there is stack exhaustion but no bug and it is building the \
 parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
 
+CVE_STATUS[CVE-2015-1773] = "not-applicable-platform: Issue only affects Apache."
+
 inherit autotools gettext texinfo ptest github-releases
 
 M4 = "${bindir}/m4"
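
Review bot: The unchanged context at line 31 already contains a CVE_STATUS[CVE-2019-6293] entry, so this diff appears to have been generated against a tree that already uses CVE_STATUS, while the subject prefix targets dunfell. Regenerate the patch against the dunfell flex recipe and confirm with a cve-check run on that branch that the exclusion has an effect; a variable flag that the branch's cve-check class does not read changes nothing in the report and gives no error to signal that.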