The patch author seems a bit mangled by ML, see: author [email protected] <schitrod= [email protected]> 2023-05-27 22:52:52 -0700 https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=5f15caa526bb57070b9abb9ba2f488ee1bfb5372
Is it correct? On Sun, May 28, 2023 at 7:53 AM Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org <schitrod= [email protected]> wrote: > This CVE is applicable to "SQLite3 bindings for Node.js" only. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2022-21227 > > Signed-off-by: Sanjay Chitroda <[email protected]> > --- > meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > index b09e8e7f55..11bc8bb4c0 100644 > --- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > +++ b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb > @@ -12,3 +12,6 @@ CVE_CHECK_IGNORE += "CVE-2019-19242" > CVE_CHECK_IGNORE += "CVE-2015-3717" > # Issue in an experimental extension we don't have/use. Fixed by > https://sqlite.org/src/info/b1e0c22ec981cf5f > CVE_CHECK_IGNORE += "CVE-2021-36690" > +# As per https://nvd.nist.gov/vuln/detail/CVE-2022-21227 > +# this bug is applicable to SQLite3 Node.js > +CVE_CHECK_IGNORE += "CVE-2022-21227" > -- > 2.35.6 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181852): https://lists.openembedded.org/g/openembedded-core/message/181852 Mute This Topic: https://lists.openembedded.org/mt/99178473/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
