On 6/14/21 3:46 AM, RAHUL taya wrote: > As per below reference links this CVE issue seems to be minor and > harmless and as per upstream this is not a real issue in practice. > > And as per red hat this issue is marked as low severity. > > 1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237 > 2. https://security-tracker.debian.org/tracker/CVE-2015-5237 > 3. https://ubuntu.com/security/CVE-2015-5237 > 4. https://github.com/protocolbuffers/protobuf/issues/760 Thanks,
Please use the [email protected] for meta-oe patches. -armin > > Upstream-Status: Pending > > Signed-off-by: Rahul Taya <[email protected]> > --- > meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb > b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb > index 4d6c5b255..f845a72a0 100644 > --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb > +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb > @@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic" > LDFLAGS_append_mips = " -latomic" > LDFLAGS_append_powerpc = " -latomic" > LDFLAGS_append_mipsel = " -latomic" > + > +# As per below links this issue is minor and harmless and > +# as per upstream this is not a real issue in practice. > +# https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237 > +# https://security-tracker.debian.org/tracker/CVE-2015-5237 > +# https://ubuntu.com/security/CVE-2015-5237 > +# https://github.com/protocolbuffers/protobuf/issues/760 > +CVE_CHECK_WHITELIST += "CVE-2015-5237" > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152936): https://lists.openembedded.org/g/openembedded-core/message/152936 Mute This Topic: https://lists.openembedded.org/mt/83527371/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
