]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
zlib: ignore CVE-2023-6992
authorPeter Marko <peter.marko@siemens.com>
Sat, 13 Jan 2024 18:08:48 +0000 (19:08 +0100)
committerSteve Sakoman <steve@sakoman.com>
Sun, 14 Jan 2024 12:25:29 +0000 (02:25 -1000)
This CVE is for iCPE cloudflare:zlib.

Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/zlib/zlib_1.2.11.bb

index 910fc2ec17a841a0d717a1f781c4aef629c965fe..9355f0556efbbd87aa2a9f26d74bd93912db4dda 100644 (file)
@@ -53,3 +53,6 @@ do_install_append_class-target() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+# this CVE is for cloudflare zlib
+CVE_CHECK_WHITELIST += "CVE-2023-6992"