From: Richard Purdie <[email protected]> The CVE applies to the built-in VNC server but we don't enable this by default.
Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit d62b9974a5f3a0f462434ce2763c28a4b4bbcfc6) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-devtools/qemu/qemu.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 86abd5ea49..396ff1c5eb 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -64,6 +64,10 @@ SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e9 # Applies against virglrender < 0.6.0 and not qemu itself CVE_CHECK_WHITELIST += "CVE-2017-5957" +# The VNC server can expose host files uder some circumstances. We don't +# enable it by default. +CVE_CHECK_WHITELIST += "CVE-2007-0998" + COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#151950): https://lists.openembedded.org/g/openembedded-core/message/151950 Mute This Topic: https://lists.openembedded.org/mt/82887665/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
