Hi Ross,

I think this one is better - 
https://lists.openembedded.org/g/openembedded-core/message/193603
I'm not sure why it was not picked up yet after 9 days, but It's CPE which is 
not matching, not our configuration options...

Peter

-----Original Message-----
From: openembedded-core@lists.openembedded.org 
<openembedded-core@lists.openembedded.org> On Behalf Of Ross Burton via 
lists.openembedded.org
Sent: Monday, January 22, 2024 15:04
To: openembedded-core@lists.openembedded.org
Subject: [OE-core] [PATCH 3/5] zlib: ignore CVE-2023-6992

> From: Ross Burton <ross.bur...@arm.com>
>
> This issue is specific to the Cloudflare fork of zlib.
>
> Signed-off-by: Ross Burton <ross.bur...@arm.com>
> ---
>  meta/recipes-core/zlib/zlib_1.3.bb | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/zlib/zlib_1.3.bb 
> b/meta/recipes-core/zlib/zlib_1.3.bb
> index 1ed18172faa..9db5588d66a 100644
> --- a/meta/recipes-core/zlib/zlib_1.3.bb
> +++ b/meta/recipes-core/zlib/zlib_1.3.bb
> @@ -47,3 +47,4 @@ do_install_ptest() {
>  BBCLASSEXTEND = "native nativesdk"
>  
>  CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
> +CVE_STATUS[CVE-2023-6992] = "not-applicable-config: specific to the 
> Cloudflare fork"
> -- 
> 2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194167): 
https://lists.openembedded.org/g/openembedded-core/message/194167
Mute This Topic: https://lists.openembedded.org/mt/103886356/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to