On Tue, Oct 04, 2022 at 08:28:43AM +0200, Mathieu Dubois-Briand via lists.openembedded.org wrote: > Signed-off-by: Mathieu Dubois-Briand <[email protected]> > --- > .../recipes-connectivity/mbedtls/mbedtls_2.16.12.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.12.bb > b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.12.bb > index 264e8abc15fc..7c61b1bfa7cf 100644 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.12.bb > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.16.12.bb > @@ -49,3 +49,6 @@ FILES_${PN}-programs = "${bindir}/" > BBCLASSEXTEND = "native nativesdk" > > CVE_PRODUCT = "mbed_tls" > + > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5311 > +CVE_CHECK_WHITELIST += "CVE-2021-43666" > -- > 2.34.1 >
On the equivalent patch set against master branch, Ross Burton suggested to not add the CVE to the white list but instead get the CPE modified. We might want to do the same thing here. Best regards, Mathieu
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#99064): https://lists.openembedded.org/g/openembedded-devel/message/99064 Mute This Topic: https://lists.openembedded.org/mt/94131440/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
