git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Geoffrey GIRY <geoffrey.giry@smile.fr>
	Tue, 28 Mar 2023 09:47:25 +0000 (11:47 +0200)
committer	Steve Sakoman <steve@sakoman.com>
	Wed, 29 Mar 2023 15:41:20 +0000 (05:41 -1000)
commit	58d99257bc5b417c518049c6a79144aecc4e9224
tree	3d9c2b6e8a26afad60afc9228ab245c96629bae8	tree
parent	c650340c11567ae145151683a65ee54afdcf08e8	commit \| diff

cve-extra-exclusions: ignore inapplicable linux-yocto CVEs

Multiple CVE are patched in kernel but appears as active because the NVD
database is not up to date

In common file cve-extra-exclusion.inc, CVE are ignored if and only if
all versions of kernel used by langdale are patched

Also ignore CVEs with wrong CPE (applied to kernel but actually are for
another package)

In cve-exclusion_5.15.inc, only ignore CVE that are patched in v5.15,
and not patched in v5.19
Recipes of version 5.15 include this file

Reviewed-by: Yoann CONGAL <yoann.congal@smile.fr>
Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/conf/distro/include/cve-extra-exclusions.inc		diff \| blob \| blame \| history
meta/recipes-kernel/linux/cve-exclusion_5.15.inc	[new file with mode: 0644]	blob
meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb		diff \| blob \| blame \| history
meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb		diff \| blob \| blame \| history
meta/recipes-kernel/linux/linux-yocto_5.15.bb		diff \| blob \| blame \| history