diff options
Diffstat (limited to 'poky/meta/conf/distro/include/cve-extra-exclusions.inc')
-rw-r--r-- | poky/meta/conf/distro/include/cve-extra-exclusions.inc | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc index 993ee2811a..8b5f8d49b8 100644 --- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -90,24 +90,24 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ CVE-2022-29582 CVE-2022-29968" -#### CPE update pending #### - -# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803 -# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7 -# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10. -#CVE_CHECK_IGNORE += "CVE-2000-0803" - - - -#### Upstream still working on #### # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html -# however qemu maintainers are sure the patch is incorrect and should not be applied. - -# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 -# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html -# No response upstream as of 2021/5/12 +# qemu maintainers say the patch is incorrect and should not be applied +# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable +CVE_CHECK_IGNORE += "CVE-2021-20255" + +# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 +# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can +# still be reproduced or where exactly any bug is. +# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. +CVE_CHECK_IGNORE += "CVE-2019-12067" + +# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 +# It is a fuzzing related buffer overflow. It is of low impact since most devices +# wouldn't expose an assembler. The upstream is inactive and there is little to be +# done about the bug, ignore from an OE perspective. +CVE_CHECK_IGNORE += "CVE-2020-18974" |