From: Armin Kuster <[email protected]> These three CVEs are specific to the Node package node-tar.
exclude: CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 Signed-off-by: Armin Kuster <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 9f9317a02d73c1e5aea026683a037e52c996c7bb) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-extended/tar/tar_1.32.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index 0fe0b801c2..87eb8b4188 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb @@ -68,3 +68,4 @@ BBCLASSEXTEND = "native nativesdk" # These are both specific to the NPM package node-tar CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804" +CVE_CHECK_WHITELIST += "CVE-2021-37701 CVE-2021-37712 CVE-2021-37713" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156310): https://lists.openembedded.org/g/openembedded-core/message/156310 Mute This Topic: https://lists.openembedded.org/mt/85839970/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
