[OE-core][dunfell 03/33] gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522

Steve Sakoman Thu, 05 Aug 2021 08:35:14 -0700

CPE entries for gst-plugins-* are listed as gstreamer issues
so we need to ignore the false hits for the CVEs we've patched
in plugins recipes


Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
index 7afe56cd7b..a516fabdaf 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
@@ -74,4 +74,13 @@ FILES_${PN}-dbg += "${datadir}/gdb 
${datadir}/gstreamer-1.0/gdb"
 
 CVE_PRODUCT = "gstreamer"
 
+# CPE entries for gst-plugins-base are listed as gstreamer issues
+# so we need to ignore the false hits
+CVE_CHECK_WHITELIST += "CVE-2021-3522"
+
+# CPE entries for gst-plugins-good are listed as gstreamer issues
+# so we need to ignore the false hits
+CVE_CHECK_WHITELIST += "CVE-2021-3497"
+CVE_CHECK_WHITELIST += "CVE-2021-3498"
+
 require gstreamer1.0-ptest.inc
-- 
2.25.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154484): 
https://lists.openembedded.org/g/openembedded-core/message/154484
Mute This Topic: https://lists.openembedded.org/mt/84687201/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 03/33] gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522

Reply via email to