On 5/10/21 8:56 AM, Richard Purdie wrote:
> We don't build/use the OPIE PAM module, exclude the CVE from this recipe.
>
> Signed-off-by: Richard Purdie <[email protected]>
> ---
>  meta/recipes-connectivity/openssh/openssh_8.6p1.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb 
> b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
> index be56fe43b9e..57ad5e841ca 100644
> --- a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
> @@ -27,6 +27,9 @@ SRC_URI = 
> "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
>             "
>  SRC_URI[sha256sum] = 
> "c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae"
>
> +# This CVE is specific to OpenSSH with the pam opie which we don't build/use 
> here
> +CVE_CHECK_WHITELIST += "CVE-2007-2768"
> +
That sounds like what a distro says when it provides you with binaries
where they control most things. I thought this was a framework to build
a distro so what I select, you don't know.

Too bad there isn't a var like CVE_CHECK_NO_UPSTREAM_FIX and have a
cve-check level to exclude those at will.

-armin
>  # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat 
> Enterprise Linux 7
>  # and when running in a Kerberos environment. As such it is not relevant to 
> OpenEmbedded
>  CVE_CHECK_WHITELIST += "CVE-2014-9278"
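Review bot: the exclusion added at `CVE_CHECK_WHITELIST += "CVE-2007-2768"` is unconditional, while the comment above it justifies it by a build choice ("which we don't build/use here"). A layer or distro that adds the OPIE PAM module on top of this recipe would have the CVE dropped from its report with no visible signal. Consider having the comment state that the exclusion only holds while OPIE PAM is not enabled, so whoever enables it knows to remove the entry, and word it as "the OPIE PAM module" to match the commit message.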
>
> 
>

