On Tue, Mar 14, 2023 at 5:07 AM Valek, Andrej <[email protected]> wrote: > > Hello Steve, > > Ok, looks like I received a wrong notification, sorry. So you can keep > there only the 42916. > Basically all the HSTS check features are not implemented in the 7.69.1 > version.
I still have the same comment on how we should handle this issue: > > > Is this due to an error in the CPE database? If so, perhaps the > > > better approach would be to send a version correction request to > > > [email protected] Steve > > > > Signed-off-by: Andrej Valek <[email protected]> > > > > --- > > > > meta/recipes-support/curl/curl_7.69.1.bb | 3 +++ > > > > 1 file changed, 3 insertions(+) > > > > > > > > diff --git a/meta/recipes-support/curl/curl_7.69.1.bb > > > > b/meta/recipes-support/curl/curl_7.69.1.bb > > > > index 899daf8eac..ea36c0bd3d 100644 > > > > --- a/meta/recipes-support/curl/curl_7.69.1.bb > > > > +++ b/meta/recipes-support/curl/curl_7.69.1.bb > > > > @@ -56,6 +56,9 @@ CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021- > > > > 22923 CVE-2021-22926 CVE-2021-229 > > > > # This CVE issue affects Windows only Hence whitelisting this > > > > CVE > > > > CVE_CHECK_WHITELIST += "CVE-2021-22897" > > > > > > > > +# HSTS check feature is not implemented > > > > +CVE_CHECK_WHITELIST += "CVE-2022-42915 CVE-2022-42916 CVE-2022- > > > > 43551" > > > > + > > > > inherit autotools pkgconfig binconfig multilib_header > > > > > > > > PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', > > > > d)} gnutls libidn proxy threaded-resolver verbose zlib" > > > > -- > > > > 2.39.2 > > > > > > > > > > > > > > > > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178499): https://lists.openembedded.org/g/openembedded-core/message/178499 Mute This Topic: https://lists.openembedded.org/mt/97516349/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
