Hi Ross,
I think this one is better -
https://lists.openembedded.org/g/openembedded-core/message/193603
I'm not sure why it was not picked up yet after 9 days, but It's CPE which is
not matching, not our configuration options...
Peter
-----Original Message-----
From: openembedded-core@lists.openembedded.org
<openembedded-core@lists.openembedded.org> On Behalf Of Ross Burton via
lists.openembedded.org
Sent: Monday, January 22, 2024 15:04
To: openembedded-core@lists.openembedded.org
Subject: [OE-core] [PATCH 3/5] zlib: ignore CVE-2023-6992
> From: Ross Burton <ross.bur...@arm.com>
>
> This issue is specific to the Cloudflare fork of zlib.
>
> Signed-off-by: Ross Burton <ross.bur...@arm.com>
> ---
> meta/recipes-core/zlib/zlib_1.3.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/zlib/zlib_1.3.bb
> b/meta/recipes-core/zlib/zlib_1.3.bb
> index 1ed18172faa..9db5588d66a 100644
> --- a/meta/recipes-core/zlib/zlib_1.3.bb
> +++ b/meta/recipes-core/zlib/zlib_1.3.bb
> @@ -47,3 +47,4 @@ do_install_ptest() {
> BBCLASSEXTEND = "native nativesdk"
>
> CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
> +CVE_STATUS[CVE-2023-6992] = "not-applicable-config: specific to the
> Cloudflare fork"
> --
> 2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194167):
https://lists.openembedded.org/g/openembedded-core/message/194167
Mute This Topic: https://lists.openembedded.org/mt/103886356/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
