git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
author Geoffrey GIRY <geoffrey.giry@smile.fr>
Wed, 5 Apr 2023 10:34:54 +0000 (12:34 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 5 Apr 2023 16:25:45 +0000 (17:25 +0100)
commit 5feb065f1b1aaf218f71cc9d31a9251b139b9442
tree b88d45a1c6fcd75db61853b04e60bba0476956c7
parent b3e2729f686ff6e16e11590bcd701c057ae5f1e2

Multiple CVEs are patched in kernel but appear as active because the NVD
database is not up to date.

In common file cve-extra-exclusion.inc, CVEs are ignored if and only if
all versions of kernel used are patched.

In cve-exclusion_6.1.inc, only ignore CVEs that are patched in v6.1,
and not patched in v5.15.
Recipes of version 6.1 should include this file.

Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/conf/distro/include/cve-extra-exclusions.inc
meta/recipes-kernel/linux/cve-exclusion_6.1.inc [new file with mode: 0644]
meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
meta/recipes-kernel/linux/linux-yocto_6.1.bb