From: Mathieu Dubois-Briand <[email protected]> These CVEs only affect libnssdbm, compiled when --enable-legacy-db is used.
https://bugzilla.mozilla.org/show_bug.cgi?id=1360782#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360778#c8 https://bugzilla.mozilla.org/show_bug.cgi?id=1360900#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360779#c9 Signed-off-by: Mathieu Dubois-Briand <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 90645db2fa078b50ec6807c75acea913b49ea669) Signed-off-by: Armin Kuster <[email protected]> --- meta-oe/recipes-support/nss/nss_3.74.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-oe/recipes-support/nss/nss_3.74.bb index 73701393e6..4a9482fca4 100644 --- a/meta-oe/recipes-support/nss/nss_3.74.bb +++ b/meta-oe/recipes-support/nss/nss_3.74.bb @@ -284,3 +284,7 @@ CVE_PRODUCT += "network_security_services" # CVE-2006-5201 affects only Sun Solaris CVE_CHECK_IGNORE += "CVE-2006-5201" + +# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect +# the legacy db (libnssdbm), only compiled with --enable-legacy-db. +CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#100471): https://lists.openembedded.org/g/openembedded-devel/message/100471 Mute This Topic: https://lists.openembedded.org/mt/96132648/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
