From: Ross Burton <[email protected]> These two CVEs are specific to the Node package node-tar.
Signed-off-by: Ross Burton <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit bc7216e8148d0dee7b56e6851da6615e93647a0a) Signed-off-by: Anuj Mittal <[email protected]> --- meta/recipes-extended/tar/tar_1.34.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb index af04919c41..66c11cbfea 100644 --- a/meta/recipes-extended/tar/tar_1.34.bb +++ b/meta/recipes-extended/tar/tar_1.34.bb @@ -61,3 +61,6 @@ PROVIDES_append_class-native = " tar-replacement-native" NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}" BBCLASSEXTEND = "native nativesdk" + +# These are both specific to the NPM package node-tar +CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804" -- 2.31.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155239): https://lists.openembedded.org/g/openembedded-core/message/155239 Mute This Topic: https://lists.openembedded.org/mt/85114695/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
