Re: [meta-virtualization][PATCH 1/2] grpc-go: add grpc to CVE_PRODUCT

Mon, 06 Nov 2023 17:50:19 -0800 

merged to master-next.

Bruce

In message: [meta-virtualization][PATCH 1/2] grpc-go: add grpc to CVE_PRODUCT
on 05/11/2023 Peter Marko via lists.yoctoproject.org wrote:

> From: Peter Marko <[email protected]>
> 
> Some cves are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*"
> See https://nvd.nist.gov/vuln/detail/CVE-2023-44487
> 
> Signed-off-by: Peter Marko <[email protected]>
> ---
>  recipes-devtools/go/grpc-go_git.bb | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/recipes-devtools/go/grpc-go_git.bb 
> b/recipes-devtools/go/grpc-go_git.bb
> index d5bfaab9..b3b58ed4 100644
> --- a/recipes-devtools/go/grpc-go_git.bb
> +++ b/recipes-devtools/go/grpc-go_git.bb
> @@ -39,3 +39,7 @@ go_grpc_sysroot_preprocess () {
>  FILES:${PN} += " \
>      ${prefix}/local/go/src/${PKG_NAME}/* \
>  "
> +
> +# some CVEs are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*"
> +# it's better to have false positives than false negatives
> +CVE_PRODUCT += "grpc"
> -- 
> 2.30.2
> 

> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#8431): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8431
Mute This Topic: https://lists.yoctoproject.org/mt/102400850/21656
Group Owner: [email protected]
Unsubscribe: 
https://lists.yoctoproject.org/g/meta-virtualization/leave/6693005/21656/1014668956/xyzzy
 [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to