As per below reference links this CVE issue seems to be minor and harmless and as per upstream this is not a real issue in practice.
And as per red hat this issue is marked as low severity. 1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237 2. https://security-tracker.debian.org/tracker/CVE-2015-5237 3. https://ubuntu.com/security/CVE-2015-5237 4. https://github.com/protocolbuffers/protobuf/issues/760 Signed-off-by: Rahul Taya <rahultay...@gmail.com> --- meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb index 4d6c5b255..f845a72a0 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb @@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic" LDFLAGS_append_mips = " -latomic" LDFLAGS_append_powerpc = " -latomic" LDFLAGS_append_mipsel = " -latomic" + +# As per below links this issue is minor and harmless and +# as per upstream this is not a real issue in practice. +# https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237 +# https://security-tracker.debian.org/tracker/CVE-2015-5237 +# https://ubuntu.com/security/CVE-2015-5237 +# https://github.com/protocolbuffers/protobuf/issues/760 +CVE_CHECK_WHITELIST += "CVE-2015-5237" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152929): https://lists.openembedded.org/g/openembedded-core/message/152929 Mute This Topic: https://lists.openembedded.org/mt/83527371/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
