On Tue, Feb 21, 2023 at 6:58 AM Hugo Simeliere via lists.openembedded.org <[email protected]> wrote: > > CVE already fixed in CVE-2022-39176.patch > > > > Signed-off-by: Hugo SIMELIERE <[email protected]> > > --- > > meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > > index e5353bd815..be74a35e0a 100644 > > --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > > +++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > > @@ -6,6 +6,13 @@ SRC_URI[sha256sum] = > "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089 > Your mailer seems to be corrupting the patch:
Applying: bluez5: Exclude CVE-2022-39177 from cve-check error: corrupt patch at line 10 error: could not build fake ancestor Patch failed at 0001 bluez5: Exclude CVE-2022-39177 from cve-check Please correct and send a V2. Thanks! Steve > # These issues have kernel fixes rather than bluez fixes so exclude here > > CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" > > +# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, > e2b0f0d8d63e1223bb714a9efb37e2257818268b > > +# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177 > > +# already backport in CVE-2022-39176.patch > > +# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 > > + > > +CVE_CHECK_WHITELIST += "CVE-2022-39177" > > + > > # noinst programs in Makefile.tools that are conditional on READLINE > > # support > > NOINST_TOOLS_READLINE ?= " \ > > -- > > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177711): https://lists.openembedded.org/g/openembedded-core/message/177711 Mute This Topic: https://lists.openembedded.org/mt/97113394/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
