Hi Rahul,

Looks good to me.

Thanks & Regards,
Purushottam
________________________________
From: Rahul <[email protected]>
Sent: Monday, June 14, 2021 4:45 PM
To: [email protected] 
<[email protected]>; [email protected] 
<[email protected]>
Cc: Nisha Parrakat <[email protected]>; Purushottam Choudhary 
<[email protected]>; Rahul Taya <[email protected]>
Subject: [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237

As per below reference links this CVE issue seems to be minor and
harmless and as per upstream this is not a real issue in practice.

And as per Red Hat this issue is marked as low severity.

1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
2. https://security-tracker.debian.org/tracker/CVE-2015-5237
3. https://ubuntu.com/security/CVE-2015-5237
4. https://github.com/protocolbuffers/protobuf/issues/760

Signed-off-by: Rahul Taya <[email protected]>
---
 meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb 
b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
index 4d6c5b255..f845a72a0 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
@@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic"
 LDFLAGS_append_mips = " -latomic"
 LDFLAGS_append_powerpc = " -latomic"
 LDFLAGS_append_mipsel = " -latomic"
+
+# As per below links this issue is minor and harmless and
+# as per upstream this is not a real issue in practice.
+# 
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.suse.com%2Fshow_bug.cgi%3Fid%3DCVE-2015-5237&amp;data=04%7C01%7Cpurushottam.choudhary%40kpit.com%7C8eaaa022c7434e8c8d4808d92f25b834%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637592661322740590%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=oE1VI2w%2FlOIZ%2FmkpVL%2FZaq9aw%2FGcV4b0edHV0mmJk0o%3D&amp;reserved=0
+# 
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2015-5237&amp;data=04%7C01%7Cpurushottam.choudhary%40kpit.com%7C8eaaa022c7434e8c8d4808d92f25b834%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637592661322740590%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=WSLRqApgOA9Tu9FBP9e66uhyY3cJUOd9SyXFD0LEn1c%3D&amp;reserved=0
+# 
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fubuntu.com%2Fsecurity%2FCVE-2015-5237&amp;data=04%7C01%7Cpurushottam.choudhary%40kpit.com%7C8eaaa022c7434e8c8d4808d92f25b834%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637592661322750585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=8EWGOaenFikIjMC6BTEwwTSyQp1kcYXMkHyRVbVPZWM%3D&amp;reserved=0
+# 
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprotocolbuffers%2Fprotobuf%2Fissues%2F760&amp;data=04%7C01%7Cpurushottam.choudhary%40kpit.com%7C8eaaa022c7434e8c8d4808d92f25b834%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637592661322750585%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=0vLwqC9ouL%2F1%2BskVdFJOeE9KCAvF25SBDpazy5ojao4%3D&amp;reserved=0
+CVE_CHECK_WHITELIST += "CVE-2015-5237"
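Review bot: The four reference URLs in the added comment block above CVE_CHECK_WHITELIST appear here as apc01.safelinks.protection.outlook.com redirects carrying a recipient address and tracking parameters, and each one sits on its own line without the `+# ` prefix, so as shown they would land in the recipe as uncommented text. If the submitted patch looks like this, use the direct links instead (`# https://github.com/protocolbuffers/protobuf/issues/760` and the SUSE, Debian and Ubuntu tracker pages) so the justification stays readable and does not depend on a mail gateway. The comment would also be stronger if it said in one line why the issue is not exploitable in practice, rather than only "minor and harmless", since that text is what a later auditor of the whitelist will read.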
--
2.17.1
