From: Sanjay Chitroda <schitrod@cisco.com>
Date: Sun, 28 May 2023 05:52:52 +0000 (-0700)
Subject: sqlite3: Whitelist CVE-2022-21227
X-Git-Tag: uninative-4.1~633
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfc42fdabb3f12eb4ac5069a549ba5699385dfdc;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

sqlite3: Whitelist CVE-2022-21227

This CVE is applicable to "SQLite3 bindings for Node.js" only.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-21227

Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
index b09e8e7f557..11bc8bb4c0e 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
@@ -12,3 +12,6 @@ CVE_CHECK_IGNORE += "CVE-2019-19242"
 CVE_CHECK_IGNORE += "CVE-2015-3717"
 # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
 CVE_CHECK_IGNORE += "CVE-2021-36690"
+# As per https://nvd.nist.gov/vuln/detail/CVE-2022-21227
+# this bug is applicable to SQLite3 Node.js
+CVE_CHECK_IGNORE += "CVE-2022-21227"