-----Original Message----- From: [email protected] <[email protected]> On Behalf Of Dhairya Nagodra via lists.openembedded.org Sent: Friday, September 1, 2023 6:08 To: [email protected] Cc: [email protected]; [email protected]; Dhairya Nagodra <[email protected]> Subject: [OE-core] [dunfell] [PATCH] flex: Exclude CVE-2015-1773 from cve-check.
> Issue only affects Apache. > > Signed-off-by: Dhairya Nagodra <[email protected]> > --- > meta/recipes-devtools/flex/flex_2.6.4.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb > b/meta/recipes-devtools/flex/flex_2.6.4.bb > index 1ac88d65ef..5be7351f4c 100644 > --- a/meta/recipes-devtools/flex/flex_2.6.4.bb > +++ b/meta/recipes-devtools/flex/flex_2.6.4.bb > @@ -31,6 +31,8 @@ CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \ there is > stack exhaustion but no bug and it is building the \ parser, not running it, > effectively similar to a compiler ICE. Upstream no plans to address this." > > +CVE_STATUS[CVE-2015-1773] = "not-applicable-platform: Issue only affects > Apache." dunfell does not support CVE_STATUS flags, you need to use CVE_CHECK_WHITELIST Additionally, this CVE is not reported for current dunfell version as CVE_PRODUCT is set correctly. > + > inherit autotools gettext texinfo ptest github-releases > > M4 = "${bindir}/m4" > -- > 2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#186998): https://lists.openembedded.org/g/openembedded-core/message/186998 Mute This Topic: https://lists.openembedded.org/mt/101088411/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
