diff mbox series

[meta-oe,dunfell,2/2] emlog: ignore inapplicable CVEs

Message ID 20231114102350.3276837-2-yoann.congal@smile.fr
State New
Headers show
Series [meta-oe,dunfell,1/2] emlog: Add PV | expand

Commit Message

Yoann Congal Nov. 14, 2023, 10:23 a.m. UTC 
The CVEs:
 * CVE-2019-16868
 * CVE-2019-17073
 * CVE-2021-44584
 * CVE-2022-1526
 * CVE-2022-3968
 * CVE-2023-43291
... apply to the other "emlog" and can be safely ignored.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta-oe/recipes-core/emlog/emlog_git.bb | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index 387dd6712..a503ab82b 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,16 @@  do_install() {
 }
 
 RRECOMMENDS_${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_WHITELIST += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+    CVE-2022-3968 \
+    CVE-2023-43291 \
+"