[meta-oe,dunfell,v2] fuse: Whitelisted CVE-2019-14860

Submitted by Saloni Jain on April 9, 2021, 9:52 a.m. | Patch ID: 179579

Details

Message ID 20210409095258.22644-1-Saloni.Jain@kpit.com
State New
Headers show

Commit Message

Saloni Jain April 9, 2021, 9:52 a.m.
CVE-2019-14860 is a REDHAT specific issue and
was addressed for REDHAT Fuse products on
Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
REDHAT has also released the fix and updated their
security advisories after significant releases.
Hence, whitelisted the CVE-2019-14860.

Link: https://access.redhat.com/security/cve/cve-2019-14860
Link: https://access.redhat.com/errata/RHSA-2019:3244
Link: https://access.redhat.com/errata/RHSA-2019:3892

Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
---
 meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 5 +++++
 1 file changed, 5 insertions(+)

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#90759): https://lists.openembedded.org/g/openembedded-devel/message/90759
Mute This Topic: https://lists.openembedded.org/mt/81964634/3617530
Group Owner: openembedded-devel+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patch hide | download patch | download mbox

diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 95e870691..97e399e42 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -19,6 +19,11 @@  SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
 SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
 SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"

+# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
+# REDHAT has also released the fix and updated their security advisories after significant releases.
+CVE_PRODUCT = "fuse_project:fuse"
+CVE_CHECK_WHITELIST += "CVE-2019-14860"
+
 UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
 UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"


Comments

Anuj Mittal April 9, 2021, 2:25 p.m.
> -----Original Message-----
> From: openembedded-devel@lists.openembedded.org <openembedded-
> devel@lists.openembedded.org> On Behalf Of saloni
> Sent: Friday, April 9, 2021 05:53 PM
> To: openembedded-devel@lists.openembedded.org; raj.khem@gmail.com
> Cc: nisha.parrakat@kpit.com
> Subject: [oe] [meta-oe][dunfell][PATCH v2] fuse: Whitelisted CVE-2019-14860
> 
> CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse
> products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> REDHAT has also released the fix and updated their security advisories after
> significant releases.
> Hence, whitelisted the CVE-2019-14860.
> 
> Link: https://access.redhat.com/security/cve/cve-2019-14860
> Link: https://access.redhat.com/errata/RHSA-2019:3244
> Link: https://access.redhat.com/errata/RHSA-2019:3892
> 
> Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
> ---
>  meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-
> filesystems/recipes-support/fuse/fuse_2.9.9.bb
> index 95e870691..97e399e42 100644
> --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> @@ -19,6 +19,11 @@ SRC_URI =
> "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
>  SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
>  SRC_URI[sha256sum] =
> "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"
> 
> +# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT
> Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> +# REDHAT has also released the fix and updated their security advisories after
> significant releases.
> +CVE_PRODUCT = "fuse_project:fuse"
> +CVE_CHECK_WHITELIST += "CVE-2019-14860"

This CVE is not listed for fuse_project:fuse so there should not be any need to whitelist it.

Thanks,

Anuj
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#90765): https://lists.openembedded.org/g/openembedded-devel/message/90765
Mute This Topic: https://lists.openembedded.org/mt/81964634/3617530
Group Owner: openembedded-devel+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-