From: Sana Kazi <[email protected]> CVE-2007-0613 is not applicable as it only affects Apple products i.e. ichat,mdnsresponder, instant message framework and MacOS. Also, https://www.exploit-db.com/exploits/3230 shows the part of code affected by CVE-2007-0613 which is not preset in upstream source code. Hence, CVE-2007-0613 does not affect other Yocto implementations and is not reported for other distros can be marked whitelisted. Links: https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 https://security-tracker.debian.org/tracker/CVE-2007-0613 https://ubuntu.com/security/CVE-2007-0613 https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
Signed-off-by: Sana Kazi <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1) Signed-off-by: Armin Kuster <[email protected]> --- .../recipes-protocols/mdns/mdns_1096.40.7.bb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb index 086b408692f..d00c8bbfd9a 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb @@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "b86f4816b4145915198e7c5bf0bc56dbbfd960e9a4518bb6486baa40cd CVE_PRODUCT = "apple:mdnsresponder" +# CVE-2007-0613 is not applicable as it only affects Apple products +# i.e. ichat,mdnsresponder, instant message framework and MacOS. +# Also, https://www.exploit-db.com/exploits/3230 shows the part of code +# affected by CVE-2007-0613 which is not preset in upstream source code. +# Hence, CVE-2007-0613 does not affect other Yocto implementations and +# is not reported for other distros can be marked whitelisted. +# Links: +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 +# https://security-tracker.debian.org/tracker/CVE-2007-0613 +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +CVE_CHECK_WHITELIST += "CVE-2007-0613" + PARALLEL_MAKE = "" S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#90506): https://lists.openembedded.org/g/openembedded-devel/message/90506 Mute This Topic: https://lists.openembedded.org/mt/81794019/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
