Everyone I've talked to doesn't see this as a major issue. The CVE asks for a documentation improvement on the --mirror option to git clone as deleted content could be leaked into a mirror. For OE's general users/use cases, we wouldn't build or ship docs so this wouldn't affect us.
Signed-off-by: Richard Purdie <[email protected]> --- meta/recipes-devtools/git/git_2.35.1.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/git/git_2.35.1.bb b/meta/recipes-devtools/git/git_2.35.1.bb index 47c22118640..e39142128b3 100644 --- a/meta/recipes-devtools/git/git_2.35.1.bb +++ b/meta/recipes-devtools/git/git_2.35.1.bb @@ -18,6 +18,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" CVE_PRODUCT = "git-scm:git" +# This is about a manpage not mentioning --mirror may "leak" information +# in mirrored git repos. Most OE users wouldn't build the docs and +# we don't see this as a major issue for our general users/usecases. +CVE_CHECK_IGNORE += "CVE-2022-24975" + PACKAGECONFIG ??= "expat curl" PACKAGECONFIG[cvsserver] = "" PACKAGECONFIG[svn] = "" -- 2.32.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#164262): https://lists.openembedded.org/g/openembedded-core/message/164262 Mute This Topic: https://lists.openembedded.org/mt/90415219/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
