From: Ross Burton <[email protected]> These two CVEs are specific to the Node package node-tar.
Signed-off-by: Ross Burton <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit bc7216e8148d0dee7b56e6851da6615e93647a0a) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-extended/tar/tar_1.32.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index 3ae6d674a5..0fe0b801c2 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb @@ -65,3 +65,6 @@ PROVIDES_append_class-native = " tar-replacement-native" NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}" BBCLASSEXTEND = "native nativesdk" + +# These are both specific to the NPM package node-tar +CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#154988): https://lists.openembedded.org/g/openembedded-core/message/154988 Mute This Topic: https://lists.openembedded.org/mt/85004760/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
