From: Sakib Sajal <[email protected]> CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O). On Sparc32 it is the NCR89C100 part of the chip. On Macintosh Quadra it is NCR53C96. Both are not supported by yocto.
Signed-off-by: Sakib Sajal <[email protected]> Signed-off-by: Richard Purdie <[email protected]> --- meta/recipes-devtools/qemu/qemu.inc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index fbda0c91741..3921546df75 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -76,6 +76,15 @@ CVE_CHECK_WHITELIST += "CVE-2007-0998" # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 CVE_CHECK_WHITELIST += "CVE-2018-18438" +# Following CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O). +# On Sparc32 it is the NCR89C100 part of the chip. +# On Macintosh Quadra it is NCR53C96. +# Both are not supported by yocto. +# Reference: https://www.openwall.com/lists/oss-security/2021/04/16/3 +CVE_CHECK_WHITELIST += "CVE-2020-35504" +CVE_CHECK_WHITELIST += "CVE-2020-35505" +CVE_CHECK_WHITELIST += "CVE-2020-35506" + COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152538): https://lists.openembedded.org/g/openembedded-core/message/152538 Mute This Topic: https://lists.openembedded.org/mt/83253530/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
