Re: [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237

Mon, 14 Jun 2021 11:45:27 -0700 

On Mon, Jun 14, 2021 at 5:45 AM Armin Kuster <akuster...@gmail.com> wrote:
>
>
>
> On 6/14/21 3:46 AM, RAHUL taya wrote:
> > As per below reference links this CVE issue seems to be minor and
> > harmless and as per upstream this is not a real issue in practice.
> >
> > And as per red hat this issue is marked as low severity.
> >
> > 1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> > 2. https://security-tracker.debian.org/tracker/CVE-2015-5237
> > 3. https://ubuntu.com/security/CVE-2015-5237
> > 4. https://github.com/protocolbuffers/protobuf/issues/760
> Thanks,
>
> Please use the openembedded-de...@lists.openembedded.org
>  for meta-oe patches.

Also only tag for the intended repo, in this case [meta-oe].  I can't
imagine a case where you would need to tag a patch with both [OE-core]
and [meta-oe]!

This maintainer gets confused easily, so if you tag a patch for
[OE-core] and it is for a recipe in [meta-oe] I will waste time in a
state of confusion ;-)

Steve

> -armin
> >
> > Upstream-Status: Pending
> >
> > Signed-off-by: Rahul Taya <rahultay...@gmail.com>
> > ---
> >  meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> >
> > diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb 
> > b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> > index 4d6c5b255..f845a72a0 100644
> > --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> > +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> > @@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic"
> >  LDFLAGS_append_mips = " -latomic"
> >  LDFLAGS_append_powerpc = " -latomic"
> >  LDFLAGS_append_mipsel = " -latomic"
> > +
> > +# As per below links this issue is minor and harmless and
> > +# as per upstream this is not a real issue in practice.
> > +# https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> > +# https://security-tracker.debian.org/tracker/CVE-2015-5237
> > +# https://ubuntu.com/security/CVE-2015-5237
> > +# https://github.com/protocolbuffers/protobuf/issues/760
> > +CVE_CHECK_WHITELIST += "CVE-2015-5237"
> >
> >
> >
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#152940): 
https://lists.openembedded.org/g/openembedded-core/message/152940
Mute This Topic: https://lists.openembedded.org/mt/83527371/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to