Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell branch Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1...@gmail.com> --- meta/conf/distro/include/cve-extra-exclusions.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 70442df991..f3490db9dd 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc @@ -57,19 +57,19 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html # qemu maintainers say the patch is incorrect and should not be applied # Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable -CVE_CHECK_IGNORE += "CVE-2021-20255" +CVE_CHECK_WHITELIST += "CVE-2021-20255" # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 # There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can # still be reproduced or where exactly any bug is. # Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. -CVE_CHECK_IGNORE += "CVE-2019-12067" +CVE_CHECK_WHITELIST += "CVE-2019-12067" # nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 # It is a fuzzing related buffer overflow. It is of low impact since most devices # wouldn't expose an assembler. The upstream is inactive and there is little to be # done about the bug, ignore from an OE perspective. -CVE_CHECK_IGNORE += "CVE-2020-18974" +CVE_CHECK_WHITELIST += "CVE-2020-18974" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#168122): https://lists.openembedded.org/g/openembedded-core/message/168122 Mute This Topic: https://lists.openembedded.org/mt/92403999/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
