Hi,

I have proposed a second commit to revert: Revert "sqlite3: update CVE_PRODUCT" - Patchwork (yoctoproject.org) <https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/>.
Once the above commit is added on master, we don’t need to add this commit, as CVE-2022-21227 is detected due to the above commit only.

Thanks,
Sanjay

From: [email protected] <[email protected]> On Behalf Of Martin Jansa
Sent: Monday, May 29, 2023 12:52 PM
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) <[email protected]>
Cc: [email protected]
Subject: Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

The patch author seems a bit mangled by ML, see:
author [email protected] <[email protected]> 2023-05-27 22:52:52 -0700
https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=5f15caa526bb57070b9abb9ba2f488ee1bfb5372

Is it correct?

On Sun, May 28, 2023 at 7:53 AM Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org <[email protected]> wrote:

This CVE is applicable to "SQLite3 bindings for Node.js" only.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-21227

Signed-off-by: Sanjay Chitroda <[email protected]>
--- meta/recipes-support/sqlite/sqlite3_3.41.2.bb<http://sqlite3_3.41.2.bb> | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb<http://sqlite3_3.41.2.bb> b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb<http://sqlite3_3.41.2.bb> index b09e8e7f55..11bc8bb4c0 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb<http://sqlite3_3.41.2.bb> +++ b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb<http://sqlite3_3.41.2.bb> 
@@ -12,3 +12,6 @@ CVE_CHECK_IGNORE += "CVE-2019-19242" CVE_CHECK_IGNORE += "CVE-2015-3717" # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f CVE_CHECK_IGNORE += "CVE-2021-36690" +# As per https://nvd.nist.gov/vuln/detail/CVE-2022-21227 +# this bug is applicable to SQLite3 Node.js +CVE_CHECK_IGNORE += "CVE-2022-21227" -- 2.35.6
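Review bot: The comment above the added CVE_CHECK_IGNORE += "CVE-2022-21227" line says the bug "is applicable to SQLite3 Node.js" but does not state why that makes it safe to ignore for this recipe, unlike the CVE-2021-36690 entry just above it, which gives the reason ("an experimental extension we don't have/use"). Suggest matching the commit message and spelling out the conclusion, for example: # Applies only to the "SQLite3 bindings for Node.js", not to the SQLite library built by this recipe. The reply in this thread also says the CVE is only reported because of the CVE_PRODUCT update, so if that change is reverted this entry has no remaining reason to exist; it would help to note that dependency in the comment or drop the ignore together with the revert, so the list does not accumulate entries nobody can justify later.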
View/Reply Online (#181856): https://lists.openembedded.org/g/openembedded-core/message/181856
