Remove some obsolete CVE ignores now that releases have been made, CPEs updated, or upgrades done:
CVE-2020-10029 is marked as fixed in 2.32. CVE-2021-27645 is marked as fixed in 2.34. CVE-2022-39046 is marked as fixed in 2.37. Signed-off-by: Ross Burton <[email protected]> --- meta/recipes-core/glibc/glibc_2.37.bb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/meta/recipes-core/glibc/glibc_2.37.bb b/meta/recipes-core/glibc/glibc_2.37.bb index 31c94929b93..762a2793ad3 100644 --- a/meta/recipes-core/glibc/glibc_2.37.bb +++ b/meta/recipes-core/glibc/glibc_2.37.bb @@ -1,8 +1,6 @@ require glibc.inc require glibc-version.inc -CVE_CHECK_IGNORE += "CVE-2020-10029 CVE-2021-27645" - # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 @@ -16,9 +14,6 @@ CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 CVE_CHECK_IGNORE += "CVE-2019-1010025" -# This has been integrated into the 2.36 branch as of c399271 so is now fixed -CVE_CHECK_IGNORE += "CVE-2022-39046" - # This is integrated into the 2.37 branch as of 07b9521fc6 CVE_CHECK_IGNORE += "CVE-2023-25139" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177801): https://lists.openembedded.org/g/openembedded-core/message/177801 Mute This Topic: https://lists.openembedded.org/mt/97269645/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
