base-files: set status for CVE-2018-6557

CPE in NVD [1] shows ubuntu.
Debian [1] says "Ubuntu specific motd update code".
cvelistV5 has unparseable CPE so it sbom-cve-check assumes vulnerable
  ("lessThan": "10.1ubuntu2.2").

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-core/base-files/base-files_3.0.14.bb b/meta/recipes-core/base-files/base-files_3.0.14.bb
index 3f01bb35d92fb0a152972c47d19d252991050a7f..d4d777b48518b1863194598098c8f451acc22401 100644 (file)
--- a/meta/recipes-core/base-files/base-files_3.0.14.bb
+++ b/meta/recipes-core/base-files/base-files_3.0.14.bb
@@ -167,3 +167,5 @@ CONFFILES:${PN} = "${sysconfdir}/fstab ${@['', '${sysconfdir}/hostname ${sysconf
 CONFFILES:${PN} += "${sysconfdir}/motd ${sysconfdir}/nsswitch.conf ${sysconfdir}/profile"
 
 INSANE_SKIP:${PN} += "empty-dirs"
+
+CVE_STATUS[CVE-2018-6557] = "not-applicable-platform: Ubuntu specific motd update code"