[nanbield,3/7] zlib: ignore CVE-2023-45853

Message ID	20231103132811.2074247-3-ross.burton@arm.com
State	New, archived
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH][nanbield 3/7] zlib: ignore CVE-2023-45853 Date: Fri, 3 Nov 2023 13:28:07 +0000 Message-Id: <20231103132811.2074247-3-ross.burton@arm.com> In-Reply-To: <20231103132811.2074247-1-ross.burton@arm.com> References: <20231103132811.2074247-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	[nanbield,1/7] linux-yocto: update CVE exclusions \| expand [nanbield,1/7] linux-yocto: update CVE exclusions [nanbield,2/7] libxml2: ignore disputed CVE-2023-45322 [nanbield,3/7] zlib: ignore CVE-2023-45853 [nanbield,4/7] pixman: ignore CVE-2023-37769 [nanbield,5/7] cve-check: sort the package list in the JSON report [nanbield,6/7] cve-check: slightly more verbose warning when adding the same package twice [nanbield,7/7] cve-check: don't warn if a patch is remote

Message ID

20231103132811.2074247-3-ross.burton@arm.com

State

New, archived

Headers

From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Cc: nd@arm.com
Subject: [PATCH][nanbield 3/7] zlib: ignore CVE-2023-45853
Date: Fri,  3 Nov 2023 13:28:07 +0000
Message-Id: <20231103132811.2074247-3-ross.burton@arm.com>
In-Reply-To: <20231103132811.2074247-1-ross.burton@arm.com>
References: <20231103132811.2074247-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

[nanbield,1/7] linux-yocto: update CVE exclusions | expand

Commit Message

Ross Burton Nov. 3, 2023, 1:28 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

This CVE relates to a bug in the minizip tool, but we don't build that.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-core/zlib/zlib_1.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/zlib/zlib_1.3.bb b/meta/recipes-core/zlib/zlib_1.3.bb
index c8fd855ee67..1ed18172faa 100644
--- a/meta/recipes-core/zlib/zlib_1.3.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.bb
@@ -45,3 +45,5 @@  do_install_ptest() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"

[nanbield,3/7] zlib: ignore CVE-2023-45853

Commit Message

Patch