On Tue, Oct 04, 2022 at 09:33:15AM +0000, Ross Burton wrote: > > On 4 Oct 2022, at 07:24, Mathieu Dubois-Briand via lists.openembedded.org > <[email protected]> wrote: > > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 > > +CVE_CHECK_IGNORE += "CVE-2021-43666" > > +# Fix merged upstream > > https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c > > +CVE_CHECK_IGNORE += "CVE-2021-45451" > > If possible it’s best to contact NIST and get the CPE entries updated instead > of whitelisting, as more accurate data is always better. It’s complicated in > this situation because of the backports, but I’ve mailed them to see what can > be done. > > Ross >
Yes, makes sense. We can skip this patch if we manage to have the CPE fixed. Mathieu
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#99063): https://lists.openembedded.org/g/openembedded-devel/message/99063 Mute This Topic: https://lists.openembedded.org/mt/94108607/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
