From: Ross Burton <[email protected]>

Do manual review and disposition these CVEs as appropriate.

Signed-off-by: Ross Burton <[email protected]>
---
 meta/conf/distro/include/cve-extra-exclusions.inc |  4 +---
 meta/recipes-kernel/linux/cve-exclusion.inc       | 12 ++++++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc 
b/meta/conf/distro/include/cve-extra-exclusions.inc
index 51926f342a1..cfee028e5ba 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -68,9 +68,7 @@ replacing bdb with supported and open source friendly 
alternatives. As a result
 CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_HISTORIC"
 
 CVE_STATUS_KERNEL_HISTORIC = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 
CVE-2007-2764 CVE-2007-4998 \ 
-                              CVE-2008-2544 CVE-2008-4609 CVE-2010-0298 
CVE-2010-4563 CVE-2011-0640 \
-                              CVE-2014-2648 CVE-2016-0774 CVE-2016-3695 
CVE-2016-3699 CVE-2017-1000377 \
-                              CVE-2017-6264"
+                              CVE-2008-2544 CVE-2008-4609 CVE-2010-0298 
CVE-2010-4563 CVE-2011-0640"
 CVE_STATUS_KERNEL_HISTORIC[status] = "ignored"
 
 
diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc 
b/meta/recipes-kernel/linux/cve-exclusion.inc
index 42f1c195c9a..28f9c8ff2b6 100644
--- a/meta/recipes-kernel/linux/cve-exclusion.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -1,3 +1,15 @@
+CVE_STATUS[CVE-2014-2648] = "cpe-incorrect: not Linux"
+
+CVE_STATUS[CVE-2016-0774] = "ignored: result of incomplete backport"
+
+CVE_STATUS[CVE-2016-3695] = "not-applicable-platform: specific to RHEL with 
securelevel patches"
+
+CVE_STATUS[CVE-2016-3699] = "not-applicable-platform: specific to RHEL with 
securelevel patches"
+
+CVE_STATUS[CVE-2017-6264] = "not-applicable-platform: Android specific"
+
+CVE_STATUS[CVE-2017-1000377] = "not-applicable-platform: GRSecurity specific"
+
 CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects 
Ubuntu"
 
 CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, 
which is not in linux-yocto"
-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187193): 
https://lists.openembedded.org/g/openembedded-core/message/187193
Mute This Topic: https://lists.openembedded.org/mt/101157653/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to