What's the reason for ignoring this CVE in all branches when CVE_PRODUCT = "flex_project:flex" means it's not reported by cve-check? Peter
-----Original Message----- From: [email protected] <[email protected]> On Behalf Of Dhairya Nagodra via lists.openembedded.org Sent: Friday, September 1, 2023 6:15 To: Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC at Cisco) <[email protected]>; [email protected]; Steve Sakoman <[email protected]>; [email protected] Cc: [email protected]; xe-linux-external(mailer list) <[email protected]>; [email protected] Subject: Re: [OE-core] [master] [PATCH] flex: Exclude CVE-2015-1773 from cve-check. > Hi @Steve Sakoman @[email protected], > > Kindly consider this patch for "master" branch. > Apologies for the error. > > > -----Original Message----- > > From: [email protected] <openembedded- > > [email protected]> On Behalf Of Dhairya Nagodra via > > lists.openembedded.org > > Sent: Friday, September 1, 2023 9:38 AM > > To: [email protected] > > Cc: [email protected]; xe-linux-external(mailer list) <xe-linux- > > [email protected]>; Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC > > at > > Cisco) <[email protected]> > > Subject: [OE-core] [dunfell] [PATCH] flex: Exclude CVE-2015-1773 from > > cve- check. > > > > Issue only affects Apache. > > > > Signed-off-by: Dhairya Nagodra <[email protected]> > > --- > > meta/recipes-devtools/flex/flex_2.6.4.bb | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes- > > devtools/flex/flex_2.6.4.bb index 1ac88d65ef..5be7351f4c 100644 > > --- a/meta/recipes-devtools/flex/flex_2.6.4.bb > > +++ b/meta/recipes-devtools/flex/flex_2.6.4.bb > > @@ -31,6 +31,8 @@ CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \ > > there is stack exhaustion but no bug and it is building the \ parser, > > not running it, effectively similar to a compiler ICE. Upstream no > > plans to address this." > > > > +CVE_STATUS[CVE-2015-1773] = "not-applicable-platform: Issue only > > +affects > > Apache." > > + > > inherit autotools gettext texinfo ptest github-releases > > > > M4 = "${bindir}/m4" > > -- > > 2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187001): https://lists.openembedded.org/g/openembedded-core/message/187001 Mute This Topic: https://lists.openembedded.org/mt/101088488/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
