[kirkstone,06/22] shadow: ignore CVE-2016-15024

Message ID	d0b1f61eb1fadf44b2e4fba13b6a94140cf029db.1678888649.git.steve@sakoman.com
State	Accepted, archived
Commit	d0b1f61eb1fadf44b2e4fba13b6a94140cf029db
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.169, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/22] shadow: ignore CVE-2016-15024 Date: Wed, 15 Mar 2023 04:00:57 -1000 Message-Id: <d0b1f61eb1fadf44b2e4fba13b6a94140cf029db.1678888649.git.steve@sakoman.com> In-Reply-To: <cover.1678888649.git.steve@sakoman.com> References: <cover.1678888649.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/22] epiphany: Security fix for CVE-2023-26081 \| expand [kirkstone,01/22] epiphany: Security fix for CVE-2023-26081 [kirkstone,02/22] glibc: Security fix for CVE-2023-0687 [kirkstone,03/22] gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code [kirkstone,04/22] harfbuzz: Security fix for CVE-2023-25193 [kirkstone,05/22] tiff: fix multiple CVEs [kirkstone,06/22] shadow: ignore CVE-2016-15024 [kirkstone,07/22] libmicrohttpd: upgrade 0.9.75 -> 0.9.76 [kirkstone,08/22] sudo: update 1.9.12p2 -> 1.9.13p3 [kirkstone,09/22] linux-yocto/5.15: update to v5.15.94 [kirkstone,10/22] linux-yocto/5.15: update to v5.15.96 [kirkstone,11/22] linux-yocto-rt/5.15: update to -rt59 [kirkstone,12/22] iso-codes: upgrade 4.12.0 -> 4.13.0 [kirkstone,13/22] binutils: Fix nativesdk ld.so search [kirkstone,14/22] python3-setuptools-rust-native: Add direct dependency of native python3 modules [kirkstone,15/22] oeqa/selftest/prservice: Improve debug output for failure [kirkstone,16/22] systemd: add group sgx to udev package [kirkstone,17/22] vim: add missing pkgconfig inherit [kirkstone,18/22] meson: Fix wrapper handling of implicit setup command [kirkstone,19/22] oeqa/sdk: Improve Meson test [kirkstone,20/22] linux: inherit pkgconfig in kernel.bbclass [kirkstone,21/22] lua: Fix install conflict when enable multilib. [kirkstone,22/22] vala: Fix install conflict when enable multilib.

Message ID

d0b1f61eb1fadf44b2e4fba13b6a94140cf029db.1678888649.git.steve@sakoman.com

State

Accepted, archived

Commit

d0b1f61eb1fadf44b2e4fba13b6a94140cf029db

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/22] shadow: ignore CVE-2016-15024
Date: Wed, 15 Mar 2023 04:00:57 -1000
Message-Id: 
 <d0b1f61eb1fadf44b2e4fba13b6a94140cf029db.1678888649.git.steve@sakoman.com>
In-Reply-To: <cover.1678888649.git.steve@sakoman.com>
References: <cover.1678888649.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/22] epiphany: Security fix for CVE-2023-26081 | expand

Commit Message

Steve Sakoman March 15, 2023, 2 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

This recently got an updated CPE which matches this recipe, but the issue
is related to an entirely different shadow project so ignore it.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2331e98abb09cbcd56625d65c4e5d258dc29dd04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/shadow/shadow_4.11.1.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-extended/shadow/shadow_4.11.1.bb b/meta/recipes-extended/shadow/shadow_4.11.1.bb
index 40b11345c9..d1a3fd5593 100644
--- a/meta/recipes-extended/shadow/shadow_4.11.1.bb
+++ b/meta/recipes-extended/shadow/shadow_4.11.1.bb
@@ -9,3 +9,6 @@  BBCLASSEXTEND = "native nativesdk"
 # Severity is low and marked as closed and won't fix.
 # https://bugzilla.redhat.com/show_bug.cgi?id=884658
 CVE_CHECK_IGNORE += "CVE-2013-4235"
+
+# This is an issue for a different shadow
+CVE_CHECK_IGNORE += "CVE-2016-15024"

[kirkstone,06/22] shadow: ignore CVE-2016-15024

Commit Message

Patch