diff mbox series

[meta-oe,master,kirkstone] emlog: ignore unrelated CVEs

Message ID 20220704091955.32154-1-davide.gardenal@huawei.com
State Superseded, archived
Delegated to: Armin Kuster
Headers show
Series [meta-oe,master,kirkstone] emlog: ignore unrelated CVEs | expand

Commit Message

Davide Gardenal July 4, 2022, 9:19 a.m. UTC 
This product is not present in the NVD database but another
one with exactly the same name is in fact present. For that
reason cve-check is outputting CVEs that are unrelated so they
can be ignored.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
---
 meta-oe/recipes-core/emlog/emlog_git.bb | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index be9ae5823..e2dcd4633 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,14 @@  do_install() {
 }
 
 RRECOMMENDS:${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_IGNORE += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+"