Details: https://nvd.nist.gov/vuln/detail/CVE-2022-43410
The vulnerability affects only the Mercurial Jenkins plugin, which is a different project. This CVE can be ignored in this recipe. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb b/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb index 3abecc3054..d118fed6ad 100644 --- a/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb +++ b/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb @@ -35,3 +35,5 @@ FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}" +# The CVE is for Jenkins plugin, not the SCM +CVE_CHECK_IGNORE = "CVE-2022-43410"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124392): https://lists.openembedded.org/g/openembedded-devel/message/124392 Mute This Topic: https://lists.openembedded.org/mt/117794332/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
