This patch should go to [email protected].

I think the correct solution here would be to add CVE_PRODUCT =
"fuse_project:fuse" in the recipe to differentiate it from
"redhat:fuse".

Thanks,

Anuj

On Fri, 2021-04-09 at 12:04 +0530, saloni wrote:
> CVE-2019-14860 is a REDHAT specific issue and
> was addressed for REDHAT Fuse products on
> Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> REDHAT has also released the fix and updated their
> security advisories after significant releases.
> Hence, whitelisted the CVE-2019-14860.
> 
> Link: https://access.redhat.com/security/cve/cve-2019-14860
> Link: https://access.redhat.com/errata/RHSA-2019:3244
> Link: https://access.redhat.com/errata/RHSA-2019:3892
> 
> Signed-off-by: Saloni Jain <[email protected]>
> ---
>  meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> index 2c272d452..601232c6b 100644
> --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> @@ -19,6 +19,10 @@ SRC_URI =
> "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar
> .
>  SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
>  SRC_URI[sha256sum] =
> "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"
> 
> +# CVE-2019-14860 is a REDHAT specific issue and was addressed for
> REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> +# REDHAT has also released the fix and updated their security
> advisories after significant releases.
> +CVE_CHECK_WHITELIST += "CVE-2019-14860"
> +
>  UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases";
>  UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
> 
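Review bot: the added CVE_CHECK_WHITELIST += "CVE-2019-14860" line
silences a single CVE ID, yet the comment above it says the issue
belongs to Red Hat Fuse products, while this recipe fetches libfuse
from github.com/libfuse, so the report is a product-name collision
rather than a flaw to be ignored. A per-ID whitelist leaves that
collision in place for any other CVE recorded against the Red Hat
product; setting CVE_PRODUCT = "fuse_project:fuse", as suggested in the
reply above, would scope the check to the right product and should make
this entry unnecessary. The two comment lines are also long enough to
have been wrapped in transit; keeping them within the usual line width
avoids that.
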
> --
> 2.17.1

View/Reply Online (#150327): https://lists.openembedded.org/g/openembedded-core/message/150327