On Thu, Nov 14, 2019 at 07:18:28AM -0800, akuster808 wrote: > > > On 11/14/19 4:51 AM, Adrian Bunk wrote: > > On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote: > >> On 13/11/2019 08:19, Adrian Bunk wrote: > >>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using > >>> BIND versions 9.11.2 or later > >>> +CVE_CHECK_WHITELIST += "CVE-2019-6470" > >> Can you be a bit more explicit about why this is whitelisted? > > Something like > > BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since > > dhcpd is already recent enough. > Actual. checking isc dhcp sources, it appears the fix is sitting in > master and has not been merged to any of the stable branches. I have not > had the time to unpack and check in an OE env ti validate that. > > Have you done that?
At what commit are you looking? rt46719 was merged in 2017, actually before 4.4.0. > - Armin cu Adrian -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core