On 4 Oct 2022, at 07:24, Mathieu Dubois-Briand via lists.openembedded.org <[email protected]> wrote: > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 > +CVE_CHECK_IGNORE += "CVE-2021-43666" > +# Fix merged upstream > https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c > +CVE_CHECK_IGNORE += "CVE-2021-45451"
If possible it’s best to contact NIST and get the CPE entries updated instead of whitelisting, as more accurate data is always better. It’s complicated in this situation because of the backports, but I’ve mailed them to see what can be done. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#99058): https://lists.openembedded.org/g/openembedded-devel/message/99058 Mute This Topic: https://lists.openembedded.org/mt/94108607/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
