From: Purushottam Choudhary <purushottam.choudh...@kpit.com>

This CVE is about a TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees,
which had very low severity and was marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658

Signed-off-by: Sana Kazi <sana.k...@kpit.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
(cherry picked from commit b1c6cd87bee6b019619dc5728fd6c36bc87ed696)
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 meta/recipes-extended/shadow/shadow_4.8.1.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb 
b/meta/recipes-extended/shadow/shadow_4.8.1.bb
index c975395ff8..ff4aad926f 100644
--- a/meta/recipes-extended/shadow/shadow_4.8.1.bb
+++ b/meta/recipes-extended/shadow/shadow_4.8.1.bb
@@ -6,5 +6,6 @@ BUILD_LDFLAGS_append_class-target = " 
${@bb.utils.contains('DISTRO_FEATURES', 'p
 
 BBCLASSEXTEND = "native nativesdk"
 
-
-
+# Severity is low and marked as closed and won't fix.
+# https://bugzilla.redhat.com/show_bug.cgi?id=884658
+CVE_CHECK_WHITELIST += "CVE-2013-4235"
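
Review bot: The comment added above CVE_CHECK_WHITELIST gives the severity and the closed/won't-fix status but does not say what the issue is, so a reader of the recipe has to find the commit message to judge the exclusion. Consider naming it in the comment, as the commit message does: a TOCTOU race condition when copying and removing directory trees. It would also help to say that the won't-fix status is the one recorded in the linked Bugzilla entry. Separately, the commit message gives the shadow version as 4.81 while the recipe file touched here is shadow_4.8.1.bb; worth correcting in the message.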
-- 
2.25.1
