On Tue, Jul 5, 2022 at 2:31 PM <[email protected]> wrote:
>
> I used the cve check class by including it in the local.conf and then ran the
> bitbake build process for my image. I got a log of all the detected CVEs in
> the packages used in the build. However, on closer inspection, I noticed that
> the packages used in the build are already a higher version than when the CVE
> was patched. Here is an example:
>
> LAYER: meta
> PACKAGE NAME: libksba
> PACKAGE VERSION: 1.6.0
> CVE: CVE-2016-4355
> CVE STATUS: Patched
Hello Gaurav,

The CVE STATUS "Patched" means that there was an issue in the past, but it is either fixed or otherwise mitigated. Open issues are marked as "Unpatched".

If you'd like to see only Unpatched issues in the report, please use

CVE_CHECK_REPORT_PATCHED = "0"

in your local.conf or wherever else you keep your OE configuration.

Kind regards,
Marta
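As an added example (not code from this thread or from the cve-check class), a small Python filter that reads a cve-check text report in the layout quoted above and lists only the entries whose status is Unpatched, grouped by package and version; this is useful when a report has already been generated with patched entries included. The field names are taken from the quoted excerpt; the sample report, the example-pkg package and the CVE-0000-xxxx ids are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample in the "KEY: value" layout quoted in the thread; real
# reports may carry further fields, which parse_report() keeps unchanged.
SAMPLE_REPORT = """\
LAYER: meta
PACKAGE NAME: libksba
PACKAGE VERSION: 1.6.0
CVE: CVE-2016-4355
CVE STATUS: Patched

LAYER: meta
PACKAGE NAME: libksba
PACKAGE VERSION: 1.6.0
CVE: CVE-0000-0002
CVE STATUS: Unpatched

LAYER: meta
PACKAGE NAME: example-pkg
PACKAGE VERSION: 2.0
CVE: CVE-0000-0003
CVE STATUS: Unpatched
"""

def parse_report(text):
    """Split the report into entries (one dict per blank-line-separated block)."""
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        # Split on the first colon only: values such as URLs contain colons too.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries

def unpatched_by_package(entries):
    """Map "name version" to sorted CVE ids whose CVE STATUS is exactly Unpatched."""
    open_cves = defaultdict(list)
    for entry in entries:
        if entry.get("CVE STATUS") == "Unpatched":
            pkg = f"{entry['PACKAGE NAME']} {entry['PACKAGE VERSION']}"
            open_cves[pkg].append(entry["CVE"])
    return {pkg: sorted(cves) for pkg, cves in open_cves.items()}
```

Filtering on the status string rather than on version comparisons is the point: a package can be newer than the fix and still legitimately list Patched entries, exactly as in the report quoted above.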
