Hi Ross, I think this one is better - https://lists.openembedded.org/g/openembedded-core/message/193603 I'm not sure why it was not picked up yet after 9 days, but It's CPE which is not matching, not our configuration options...
Peter -----Original Message----- From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Ross Burton via lists.openembedded.org Sent: Monday, January 22, 2024 15:04 To: openembedded-core@lists.openembedded.org Subject: [OE-core] [PATCH 3/5] zlib: ignore CVE-2023-6992 > From: Ross Burton <ross.bur...@arm.com> > > This issue is specific to the Cloudflare fork of zlib. > > Signed-off-by: Ross Burton <ross.bur...@arm.com> > --- > meta/recipes-core/zlib/zlib_1.3.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-core/zlib/zlib_1.3.bb > b/meta/recipes-core/zlib/zlib_1.3.bb > index 1ed18172faa..9db5588d66a 100644 > --- a/meta/recipes-core/zlib/zlib_1.3.bb > +++ b/meta/recipes-core/zlib/zlib_1.3.bb > @@ -47,3 +47,4 @@ do_install_ptest() { > BBCLASSEXTEND = "native nativesdk" > > CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip" > +CVE_STATUS[CVE-2023-6992] = "not-applicable-config: specific to the > Cloudflare fork" > -- > 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#194167): https://lists.openembedded.org/g/openembedded-core/message/194167 Mute This Topic: https://lists.openembedded.org/mt/103886356/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-