On Wed, 15 Jan 2025 at 13:36, Peter Marko via lists.openembedded.org <peter.marko=siemens....@lists.openembedded.org> wrote:

> Fact that the vulnerability is not exploitable remotely without authentication
> does not mean that the vulnerability is not real or that it cannot be
> exploited.
> Local vulnerabilities are food for LOTL attacks.
>
> Also note that if you want to get these from your cve reports,
> you can simply include oe-core cve-extra-exclusions.inc which lists all of
> these.
> Maybe we could enhance comments in cve-extra-exclusions.inc for future
> reference instead?

I'd also appreciate efforts to completely remove Berkeley DB from Yocto, for reasons explained in [1]. Last I checked, apt-ftparchive still had a hard dependency on it.

[1] https://lwn.net/Articles/557820/

Alex