Hi Anuj, Thankyou for the inputs. Will send another patch with version 2 in devel list.
Thanks & Regards, Saloni ________________________________ From: Mittal, Anuj <anuj.mit...@intel.com> Sent: Friday, April 9, 2021 12:21 PM To: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>; Saloni Jain <saloni.j...@kpit.com>; raj.k...@gmail.com <raj.k...@gmail.com> Cc: Nisha Parrakat <nisha.parra...@kpit.com> Subject: Re: [OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860 This patch should go to openembedded-de...@lists.openembedded.org. I think the correct solution here would be to add CVE_PRODUCT = "fuse_project:fuse" in the recipe to differentiate it from "redhat:fuse". Thanks, Anuj On Fri, 2021-04-09 at 12:04 +0530, saloni wrote: > CVE-2019-14860 is a REDHAT specific issue and > was addressed for REDHAT Fuse products on > Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. > REDHAT has also released the fix and updated their > security advisories after significant releases. > Hence, whitelited the CVE-2019-14860. > > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Fsecurity%2Fcve%2Fcve-2019-14860&data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tV7hFBfC9GEyCMZc97AEA%2FNG2VFBXAjh5WdRCiwvJCw%3D&reserved=0 > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2019%3A3244&data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LnP1BW%2FvzhT1vFcTwB9nBwqy%2BmsiNN2aX6hSstd1YCA%3D&reserved=0 > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2019%3A3892&data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VlLAdm2H%2Fu%2F9rLKV3Wj7hdHeMHJnR7sSovAIRflroqo%3D&reserved=0 > > Signed-off-by: Saloni Jain <saloni.j...@kpit.com> > --- > meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > index 2c272d452..601232c6b 100644 > --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > @@ -19,6 +19,10 @@ SRC_URI = > "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases%2Fdownload%2F%24&data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=niPqtkGW3h%2BbJQXXMrM%2Fqm%2F2YB4Fty1oiXniQUyrjI8%3D&reserved=0{BP}/${BP}.tar > . > SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312" > SRC_URI[sha256sum] = > "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5" > > +# CVE-2019-14860 is a REDHAT specific issue and was addressed for > REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. > +# REDHAT has also released the fix and updated their security > advisories after significant releases. > +CVE_CHECK_WHITELIST += "CVE-2019-14860" > + > UPSTREAM_CHECK_URI = > "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases&data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gjZBj5RhqtOdvvvH0uDpKtHvmpOaNV1%2F1s9RYmgx%2F3c%3D&reserved=0"; > UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz" > > -- > 2.17.1 > > This message contains information that may be privileged or > confidential and is the property of the KPIT Technologies Ltd. It is > intended only for the person to whom it is addressed. If you are not > the intended recipient, you are not authorized to read, print, retain > copy, disseminate, distribute, or use this message or any part > thereof. If you receive this message in error, please notify the > sender immediately and delete all copies of this message. KPIT > Technologies Ltd. does not accept any liability for virus infected > mails. > > > This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#150335): https://lists.openembedded.org/g/openembedded-core/message/150335 Mute This Topic: https://lists.openembedded.org/mt/81962404/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
