]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: edaedfc)
zlib: Add CVE_PRODUCT to exclude false positives
authorHet Patel <hetpat@cisco.com>
Fri, 9 Aug 2024 05:57:00 +0000 (22:57 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 9 Aug 2024 21:33:07 +0000 (22:33 +0100)
To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendors that have been used.

Removing the present existing CVE_STATUS for CVE-2023-6992.

Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/zlib/zlib_1.3.1.bb patch | blob | blame | history

diff --git a/meta/recipes-core/zlib/zlib_1.3.1.bb b/meta/recipes-core/zlib/zlib_1.3.1.bb
index e6a81ef78985ef311967c6dc1b0cb077043f1db9..486431dffff8983f1925bdfde88c27d9d2b349e5 100644 (file)
--- a/meta/recipes-core/zlib/zlib_1.3.1.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.1.bb
@@ -47,4 +47,6 @@ do_install_ptest() {
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
-CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"
+
+# Adding 'CVE_PRODUCT' to avoid false detection of CVEs
+CVE_PRODUCT = "zlib:zlib gnu:zlib"
Mirror of git://git.openembedded.org/openembedded-core-contrib