We're using a pre-release version of 2.06 so these issues are fixed but continue to show up in the checks since it is pre-2.06 and the CPE entries are "before but excluding 2.06".
Adding these will clean up CVE reports until the 2.06 release comes out. Signed-off-by: Richard Purdie <[email protected]> --- meta/recipes-bsp/grub/grub2.inc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 6de683ee1c5..f0fa86b1823 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -27,6 +27,13 @@ SRC_URI[sha256sum] = "2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074 REALPV = "2.06~rc1" PV = "2.04+${REALPV}" +# Fixed in 2.06~rc1, can be removed for 2.06 final +CVE_CHECK_WHITELIST += "\ + CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-10713 \ + CVE-2020-14372 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 \ + CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 \ + CVE-2021-3418 CVE-2021-20225 CVE-2021-20233" + S = "${WORKDIR}/grub-${REALPV}" UPSTREAM_CHECK_URI = "${GNU_MIRROR}/grub" -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152417): https://lists.openembedded.org/g/openembedded-core/message/152417 Mute This Topic: https://lists.openembedded.org/mt/83172817/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
