From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue, 11 May 2021 11:30:39 +0000 (+0100)
Subject: openssh: Exclude CVE-2008-3844 from cve-check
X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~7869
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d8b3ddf91050f6745a99a8abb1c3b03c35247af;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

openssh: Exclude CVE-2008-3844 from cve-check

CVE only applies to some distributed RHEL binaries so irrelavent to us.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
index 57ad5e841ca..e8f041c58c1 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
@@ -34,6 +34,9 @@ CVE_CHECK_WHITELIST += "CVE-2007-2768"
 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
 CVE_CHECK_WHITELIST += "CVE-2014-9278"
 
+# CVE only applies to some distributed RHEL binaries
+CVE_CHECK_WHITELIST += "CVE-2008-3844"
+
 PAM_SRC_URI = "file://sshd"
 
 inherit manpages useradd update-rc.d update-alternatives systemd