From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Mon, 10 May 2021 15:30:56 +0000 (+0100)
Subject: jquery: Exclude CVE-2007-2379 from cve-check
X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~7879
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f82843584f6d2843c5bbd2fe5dcbc654a0fbcfb;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

jquery: Exclude CVE-2007-2379 from cve-check

The CVE is non-specific and depends on the users of jquery, doesn't
make sense to have this flagged against jquery as there is nothing we can
do about it.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-devtools/jquery/jquery_3.6.0.bb b/meta/recipes-devtools/jquery/jquery_3.6.0.bb
index 65905966c1c..03792730fd2 100644
--- a/meta/recipes-devtools/jquery/jquery_3.6.0.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.6.0.bb
@@ -19,6 +19,11 @@ SRC_URI[map.sha256sum] = "399548fb0e7b146c12f5ba18099a47d594a970fee96212eee0ab48
 
 UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 
+# https://github.com/jquery/jquery/issues/3927
+# There are ways jquery can expose security issues but any issues are in the apps exposing them
+# and there is little we can directly do
+CVE_CHECK_WHITELIST += "CVE-2007-2379"
+
 inherit allarch
 
 do_install() {