[2/2] cve-extra-exclusions: remove 2019 blanket ignores

Message ID	20230612131031.932073-2-ross.burton@arm.com
State	Accepted, archived
Commit	e46bd62a278ec0bb9da995cab9350f1c363131d1
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 2/2] cve-extra-exclusions: remove 2019 blanket ignores Date: Mon, 12 Jun 2023 14:10:31 +0100 Message-Id: <20230612131031.932073-2-ross.burton@arm.com> In-Reply-To: <20230612131031.932073-1-ross.burton@arm.com> References: <20230612131031.932073-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	[1/2] cve-extra-exclusions: add more ignores for 2023 kernel CVEs \| expand [1/2] cve-extra-exclusions: add more ignores for 2023 kernel CVEs [2/2] cve-extra-exclusions: remove 2019 blanket ignores

Message ID

20230612131031.932073-2-ross.burton@arm.com

State

Accepted, archived

Commit

e46bd62a278ec0bb9da995cab9350f1c363131d1

Headers

From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Cc: nd@arm.com
Subject: [PATCH 2/2] cve-extra-exclusions: remove 2019 blanket ignores
Date: Mon, 12 Jun 2023 14:10:31 +0100
Message-Id: <20230612131031.932073-2-ross.burton@arm.com>
In-Reply-To: <20230612131031.932073-1-ross.burton@arm.com>
References: <20230612131031.932073-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

[1/2] cve-extra-exclusions: add more ignores for 2023 kernel CVEs | expand

Commit Message

Ross Burton June 12, 2023, 1:10 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

Remove the blanket ignore and handle the CVEs individually.

CVE-2019-14899 is related to network interface configuration across
multiple operating systems, so leave this as unresolved.

-3016, -3819 and -3887 are pending CPE updates, so ignore them.

The others have accurate CPE information now so are handled correctly.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 41d751a7aed..f42253bff6e 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -74,8 +74,19 @@  CVE_CHECK_IGNORE += "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE
 # 2018
 CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \
                      CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873 CVE-2018-6559"
-# 2019
-CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3016
+# Fixed with 5.6
+CVE_CHECK_IGNORE += "CVE-2019-3016"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3819
+# Fixed with 5.1
+CVE_CHECK_IGNORE += "CVE-2019-3819"
+
+# https://www.linuxkernelcves.com/cves/CVE-2019-3887
+# Fixed with 5.2
+CVE_CHECK_IGNORE += "CVE-2019-3887"
+
 # 2020
 CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"

[2/2] cve-extra-exclusions: remove 2019 blanket ignores

Commit Message

Patch