merged. Bruce
In message: [meta-virtualization] [kirkstone][PATCH] skopeo: Mark CVE-2019-10214 as fixed on 25/08/2022 Andrei Gherzan wrote: > From: Andrei Gherzan <[email protected]> > > This CVE was fixed[1] in the container image go library skopeo is using > (vendoring). The current version of the image go module is v5.20.0 while > the fix landed since v3.0.0[2]. > > See RedHat's resolution[3] for more details. > > [1] https://github.com/containers/image/issues/654 > [2] > https://github.com/containers/image/pull/669/commits/a3d69a4a89244803d2f5350aca6dd0fcbe444551 > [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214 > > Signed-off-by: Andrei Gherzan <[email protected]> > --- > recipes-containers/skopeo/skopeo_git.bb | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/recipes-containers/skopeo/skopeo_git.bb > b/recipes-containers/skopeo/skopeo_git.bb > index 35377a8..d32c525 100644 > --- a/recipes-containers/skopeo/skopeo_git.bb > +++ b/recipes-containers/skopeo/skopeo_git.bb > @@ -35,6 +35,12 @@ S = "${WORKDIR}/git" > inherit goarch > inherit pkgconfig > > +# This CVE was fixed in the container image go library skopeo is using. > +# See: > +# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214 > +# https://github.com/containers/image/issues/654 > +CVE_CHECK_IGNORE += "CVE-2019-10214" > + > # This disables seccomp and apparmor, which are on by default in the > # go package. > EXTRA_OEMAKE="BUILDTAGS=''" > -- > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7570): https://lists.yoctoproject.org/g/meta-virtualization/message/7570 Mute This Topic: https://lists.yoctoproject.org/mt/93253352/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
