The patch author seems a bit mangled by ML, see: author schitrod=cisco....@lists.openembedded.org <schitrod= cisco....@lists.openembedded.org> 2023-05-27 22:52:52 -0700 https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=5f15caa526bb57070b9abb9ba2f488ee1bfb5372
Is it correct? On Sun, May 28, 2023 at 7:53 AM Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org <schitrod= cisco....@lists.openembedded.org> wrote: > This CVE is applicable to "SQLite3 bindings for Node.js" only. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2022-21227 > > Signed-off-by: Sanjay Chitroda <schit...@cisco.com> > --- > meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > index b09e8e7f55..11bc8bb4c0 100644 > --- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > +++ b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > @@ -12,3 +12,6 @@ CVE_CHECK_IGNORE += "CVE-2019-19242" > CVE_CHECK_IGNORE += "CVE-2015-3717" > # Issue in an experimental extension we don't have/use. Fixed by > https://sqlite.org/src/info/b1e0c22ec981cf5f > CVE_CHECK_IGNORE += "CVE-2021-36690" > +# As per https://nvd.nist.gov/vuln/detail/CVE-2022-21227 > +# this bug is applicable to SQLite3 Node.js > +CVE_CHECK_IGNORE += "CVE-2022-21227" > -- > 2.35.6 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181852): https://lists.openembedded.org/g/openembedded-core/message/181852 Mute This Topic: https://lists.openembedded.org/mt/99178473/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-