From: "Saloni.Jain" <saloni.j...@kpit.com> Whitelisted below CVEs: 1. CVE-2018-12433 is disputed and reported for crypt libraries. Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12433
2. CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495. Link: https://security-tracker.debian.org/tracker/CVE-2018-12437 Link: https://github.com/libtom/libtomcrypt/pull/408 Link: https://access.redhat.com/security/cve/CVE-2018-12437 3. CVE-2018-12438 is also reported for crypt libraries and no details are available for which versions are affected. Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 Signed-off-by: Saloni Jain <saloni.j...@kpit.com> --- meta/recipes-connectivity/openssl/openssl_1.1.1j.bb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb index 181790e6ab..3d96533580 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb @@ -241,3 +241,13 @@ CVE_VERSION_SUFFIX = "alphabetical" # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough CVE_CHECK_WHITELIST += "CVE-2019-0190" + +# CVE-2018-12433 is disputed and reported for crypt libraries +CVE_CHECK_WHITELIST += "CVE-2018-12433" + +# CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495 +CVE_CHECK_WHITELIST += "CVE-2018-12437" + +# CVE-2018-12438 is also reported for crypt libraries and no details are +# available for which versions are affected. +CVE_CHECK_WHITELIST += "CVE-2018-12438" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#149083): https://lists.openembedded.org/g/openembedded-core/message/149083 Mute This Topic: https://lists.openembedded.org/mt/81154980/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
