CVE-2007-2728, CVE-2007-3205 and CVE-2007-4596 are patched in our version of php but they don't have a vulnerable version range in the NVD database, that's why they need to be ignored.
Signed-off-by: Davide Gardenal <[email protected]> --- meta-oe/recipes-devtools/php/php_8.1.7.bb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta-oe/recipes-devtools/php/php_8.1.7.bb b/meta-oe/recipes-devtools/php/php_8.1.7.bb index 043f3a81b..963ba6f27 100644 --- a/meta-oe/recipes-devtools/php/php_8.1.7.bb +++ b/meta-oe/recipes-devtools/php/php_8.1.7.bb @@ -35,6 +35,12 @@ SRC_URI:append:class-target = " \ S = "${WORKDIR}/php-${PV}" SRC_URI[sha256sum] = "b816753eb005511e695d90945c27093c3236cc73db1262656d9fadd73ead7e9d" +CVE_CHECK_IGNORE += "\ + CVE-2007-2728 \ + CVE-2007-3205 \ + CVE-2007-4596 \ +" + inherit autotools pkgconfig python3native gettext # phpize is not scanned for absolute paths by default (but php-config is). -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#97873): https://lists.openembedded.org/g/openembedded-devel/message/97873 Mute This Topic: https://lists.openembedded.org/mt/92455822/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
