Hi Peter,

It seems that cve-report.bbclass is already filtering out the CVEs based on the vendor. It would make explicit Whitelisting/Ignoring these CVEs redundant and thus my 4 commits can be skipped. Thanks for pointing it out!

Regards,
Dhairya Nagodra

> -----Original Message-----
> From: [email protected] <openembedded-
> [email protected]> On Behalf Of Peter Marko via
> lists.openembedded.org
> Sent: Friday, September 1, 2023 3:48 PM
> To: Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC at Cisco)
> <[email protected]>; [email protected];
> Steve Sakoman <[email protected]>; [email protected]
> Cc: [email protected]; xe-linux-external(mailer list) <xe-linux-
> [email protected]>
> Subject: Re: [OE-core] [master] [PATCH] flex: Exclude CVE-2015-1773 from
> cve-check.
>
> What's the reason for ignoring this CVE in all branches when CVE_PRODUCT =
> "flex_project:flex" means it's not reported by cve-check?
> Peter
>
> -----Original Message-----
> From: [email protected] <openembedded-
> [email protected]> On Behalf Of Dhairya Nagodra via
> lists.openembedded.org
> Sent: Friday, September 1, 2023 6:15
> To: Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC at Cisco)
> <[email protected]>; [email protected];
> Steve Sakoman <[email protected]>; [email protected]
> Cc: [email protected]; xe-linux-external(mailer list) <xe-linux-
> [email protected]>; [email protected]
> Subject: Re: [OE-core] [master] [PATCH] flex: Exclude CVE-2015-1773 from
> cve-check.
>
> > Hi @Steve Sakoman @[email protected],
> >
> > Kindly consider this patch for "master" branch.
> > Apologies for the error.
> >
> > > -----Original Message-----
> > > From: [email protected] <openembedded-
> > > [email protected]> On Behalf Of Dhairya Nagodra via
> > > lists.openembedded.org
> > > Sent: Friday, September 1, 2023 9:38 AM
> > > To: [email protected]
> > > Cc: [email protected]; xe-linux-external(mailer list) <xe-linux-
> > > [email protected]>; Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC at Cisco) <[email protected]>
> > > Subject: [OE-core] [dunfell] [PATCH] flex: Exclude CVE-2015-1773 from cve-check.
> > >
> > > Issue only affects Apache.
> > > > > > Signed-off-by: Dhairya Nagodra <[email protected]> > > > --- > > > meta/recipes-devtools/flex/flex_2.6.4.bb | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb > > > b/meta/recipes- devtools/flex/flex_2.6.4.bb index > > > 1ac88d65ef..5be7351f4c 100644 > > > --- a/meta/recipes-devtools/flex/flex_2.6.4.bb > > > +++ b/meta/recipes-devtools/flex/flex_2.6.4.bb > > > @@ -31,6 +31,8 @@ CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \ > > > there is stack exhaustion but no bug and it is building the \ > > > parser, not running it, effectively similar to a compiler ICE. > > > Upstream no plans to address this." > > > > > > +CVE_STATUS[CVE-2015-1773] = "not-applicable-platform: Issue only > > > +affects > > > Apache." > > > + > > > inherit autotools gettext texinfo ptest github-releases > > > > > > M4 = "${bindir}/m4" > > > -- > > > 2.35.6
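Review bot: The detail text on the added CVE_STATUS[CVE-2015-1773] line, "Issue only affects Apache.", does not name the product the CVE is filed against or say why it does not match this recipe, and the not-applicable-platform status reads as a platform restriction rather than a product mismatch. Spell out the affected product and the reason in the same style as the multi-line explanation on the CVE-2019-6293 entry in the context lines just above. Since the thread notes that CVE_PRODUCT = "flex_project:flex" already keeps this CVE out of the cve-check report, confirm the entry is needed at all before merging.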
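The vendor filtering discussed in this thread, as an added example that is not part of the original messages and is not OE-core code: a simplified model of matching a CVE_PRODUCT value against a vendor/product index, showing why a status entry for a CVE filed under another vendor never takes effect. The table layout, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample rows (cve id, vendor, product); not real NVD data.
SAMPLE_ROWS = [
    ("CVE-2015-1773", "apache", "flex"),
    ("CVE-2019-6293", "flex_project", "flex"),
]


def build_db(rows=SAMPLE_ROWS):
    """Create an in-memory table shaped like a vendor/product CVE index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT, vendor TEXT, product TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", rows)
    return db


def matched_cves(db, cve_product):
    """Return the CVE ids selected by a CVE_PRODUCT value.

    Each space-separated entry is "vendor:product" or just "product";
    a missing vendor matches any vendor (assumption of this model).
    """
    found = set()
    for entry in cve_product.split():
        vendor, sep, product = entry.partition(":")
        if sep:
            cur = db.execute(
                "SELECT id FROM products WHERE vendor = ? AND product = ?",
                (vendor, product),
            )
        else:  # no vendor given: every vendor's product of that name matches
            cur = db.execute("SELECT id FROM products WHERE product = ?", (entry,))
        found.update(row[0] for row in cur)
    return sorted(found)


def redundant_entries(db, cve_product, status_ids):
    """Status entries for CVEs that the product filter never selects."""
    selected = set(matched_cves(db, cve_product))
    return sorted(set(status_ids) - selected)


if __name__ == "__main__":
    db = build_db()
    statuses = ["CVE-2019-6293", "CVE-2015-1773"]
    for value in ("flex", "flex_project:flex"):
        print(value, matched_cves(db, value), redundant_entries(db, value, statuses))
```

With the bare product name both CVEs are selected and the status entry matters; with the vendor-qualified value the Apache-filed CVE is never selected, so its status entry is redundant.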
