bind: set status for CVE-2017-3139

NVD [1] has only redhat cpes.
Debian [2] says RHEL6 specific.
cvelistV5 [3] has unparseable (so assumes affected):
  "version": "shipped in Red Hat Enterprise Linux 6"

[1] https://nvd.nist.gov/vuln/detail/CVE-2017-3139
[2] https://security-tracker.debian.org/tracker/CVE-2017-3139
[3] https://github.com/CVEProject/cvelistV5/blob/main/cves/2017/3xxx/CVE-2017-3139.json

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-connectivity/bind/bind_9.20.22.bb b/meta/recipes-connectivity/bind/bind_9.20.22.bb
index c459cf28c9f028452c41ae9990989a3ce0aeba41..318412a62c078c71e184ce16b76b42654d54c26f 100644 (file)
--- a/meta/recipes-connectivity/bind/bind_9.20.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.20.22.bb
@@ -108,3 +108,5 @@ FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so"
 FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so"
 
 DEV_PKG_DEPENDENCY = ""
+
+CVE_STATUS[CVE-2017-3139] = "not-applicable-platform: RedHat specific issue"