Details: https://nvd.nist.gov/vuln/detail/CVE-2017-20148
The issue is specific to the postinstall script that Gentoo packages with this application - we can ignore it. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-perl/recipes-extended/logcheck/logcheck_1.3.23.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-perl/recipes-extended/logcheck/logcheck_1.3.23.bb b/meta-perl/recipes-extended/logcheck/logcheck_1.3.23.bb index b40d52ab94..ce6118a12b 100644 --- a/meta-perl/recipes-extended/logcheck/logcheck_1.3.23.bb +++ b/meta-perl/recipes-extended/logcheck/logcheck_1.3.23.bb @@ -77,3 +77,6 @@ RDEPENDS:${PN} = "\ " FILES:${PN} += "${datadir}/logtail" + +# This vulnerability is specific to the way Gentoo packages this application. +CVE_CHECK_IGNORE += "CVE-2017-20148"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121981): https://lists.openembedded.org/g/openembedded-devel/message/121981 Mute This Topic: https://lists.openembedded.org/mt/116428177/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
