grub2: ignore CVE-2023-4001, this is Red Hat-specific

Message ID	20240129181920.2171316-1-ross.burton@arm.com
State	Accepted, archived
Commit	f99b25355133fe8f65a55737270e67ea10b79d52
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Subject: [PATCH] grub2: ignore CVE-2023-4001, this is Red Hat-specific Date: Mon, 29 Jan 2024 18:19:20 +0000 Message-Id: <20240129181920.2171316-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	grub2: ignore CVE-2023-4001, this is Red Hat-specific \| expand grub2: ignore CVE-2023-4001, this is Red Hat-specific

Message ID

20240129181920.2171316-1-ross.burton@arm.com

State

Accepted, archived

Commit

f99b25355133fe8f65a55737270e67ea10b79d52

Headers

From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] grub2: ignore CVE-2023-4001, this is Red Hat-specific
Date: Mon, 29 Jan 2024 18:19:20 +0000
Message-Id: <20240129181920.2171316-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

grub2: ignore CVE-2023-4001, this is Red Hat-specific | expand

Comments

Alexander Kanavin Jan. 29, 2024, 6:25 p.m. UTC | #1

I can't help but notice there's a kind of irony here, given Red Hat's
major marketing point for RHEL is security fixes. Patching things one
doesn't fully understand without upstream review is not a good idea.

Alex


On Mon, 29 Jan 2024 at 19:19, Ross Burton <ross.burton@arm.com> wrote:
>
> From: Ross Burton <ross.burton@arm.com>
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
>  meta/recipes-bsp/grub/grub2.inc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
> index 5685cae0ab4..47dc9217985 100644
> --- a/meta/recipes-bsp/grub/grub2.inc
> +++ b/meta/recipes-bsp/grub/grub2.inc
> @@ -25,6 +25,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154
>
>  CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
>  CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
> +CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
>
>  DEPENDS = "flex-native bison-native gettext-native"
>
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#194476): https://lists.openembedded.org/g/openembedded-core/message/194476
> Mute This Topic: https://lists.openembedded.org/mt/104037170/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 5685cae0ab4..47dc9217985 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -25,6 +25,7 @@  SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154
 
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
 CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
+CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
 
 DEPENDS = "flex-native bison-native gettext-native"

grub2: ignore CVE-2023-4001, this is Red Hat-specific

Commit Message

Comments

Patch