Message ID | 20220704091955.32154-1-davide.gardenal@huawei.com |
---|---|
State | Superseded, archived |
Delegated to: | Armin Kuster |
Headers | show |
Series | [meta-oe,master,kirkstone] emlog: ignore unrelated CVEs | expand |
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb index be9ae5823..e2dcd4633 100644 --- a/meta-oe/recipes-core/emlog/emlog_git.bb +++ b/meta-oe/recipes-core/emlog/emlog_git.bb @@ -24,3 +24,14 @@ do_install() { } RRECOMMENDS:${PN} += "kernel-module-emlog" + +# The NVD database doesn't have a CPE for this product, +# the name of this product is exactly the same as github.com/emlog/emlog +# but it's not related in any way. The following CVEs are from that project +# so they can be safely ignored +CVE_IGNORE += "\ + CVE-2019-16868 \ + CVE-2019-17073 \ + CVE-2021-44584 \ + CVE-2022-1526 \ +"
This product is not present in the NVD database but another one with exactly the same name is in fact present. For that reason cve-check is outputting CVEs that are unrelated so they can be ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> --- meta-oe/recipes-core/emlog/emlog_git.bb | 11 +++++++++++ 1 file changed, 11 insertions(+)