[PATCH] skopeo: Mark CVE-2019-10214 as fixed

[PATCH] skopeo: Mark CVE-2019-10214 as fixed

[Andrei Gherzan]

From: Andrei Gherzan <andrei.gherzan@huawei.com>

This CVE was fixed[1] in the container image go library skopeo is using
(vendoring). The current version of the image go module is v5.20.0 while
the fix landed since v3.0.0[2].

See RedHat's resolution[3] for more details.

[1] https://github.com/containers/image/issues/654
[2] https://github.com/containers/image/pull/669/commits/a3d69a4a89244803d2f5350aca6dd0fcbe444551
[3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
 recipes-containers/skopeo/skopeo_git.bb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
index 9d19675..d426b4f 100644
--- a/recipes-containers/skopeo/skopeo_git.bb
+++ b/recipes-containers/skopeo/skopeo_git.bb
@@ -34,6 +34,12 @@ S = "${WORKDIR}/git"
 inherit goarch
 inherit pkgconfig
 
+# This CVE was fixed in the container image go library skopeo is using.
+# See:
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
+# https://github.com/containers/image/issues/654
+CVE_CHECK_IGNORE += "CVE-2019-10214"
+
 # This disables seccomp and apparmor, which are on by default in the
 # go package. 
 EXTRA_OEMAKE="BUILDTAGS=''"
-- 
2.25.1

Re: [meta-virtualization] [PATCH] skopeo: Mark CVE-2019-10214 as fixed

[Bruce Ashfield]

merged.

Bruce

In message: [meta-virtualization] [PATCH] skopeo: Mark CVE-2019-10214 as fixed
on 25/08/2022 Andrei Gherzan wrote:

> From: Andrei Gherzan <andrei.gherzan@huawei.com>
> 
> This CVE was fixed[1] in the container image go library skopeo is using
> (vendoring). The current version of the image go module is v5.20.0 while
> the fix landed since v3.0.0[2].
> 
> See RedHat's resolution[3] for more details.
> 
> [1] https://github.com/containers/image/issues/654
> [2] https://github.com/containers/image/pull/669/commits/a3d69a4a89244803d2f5350aca6dd0fcbe444551
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
> 
> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
> ---
>  recipes-containers/skopeo/skopeo_git.bb | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
> index 9d19675..d426b4f 100644
> --- a/recipes-containers/skopeo/skopeo_git.bb
> +++ b/recipes-containers/skopeo/skopeo_git.bb
> @@ -34,6 +34,12 @@ S = "${WORKDIR}/git"
>  inherit goarch
>  inherit pkgconfig
>  
> +# This CVE was fixed in the container image go library skopeo is using.
> +# See:
> +# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
> +# https://github.com/containers/image/issues/654
> +CVE_CHECK_IGNORE += "CVE-2019-10214"
> +
>  # This disables seccomp and apparmor, which are on by default in the
>  # go package. 
>  EXTRA_OEMAKE="BUILDTAGS=''"
> -- 
> 2.25.1
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7566): https://lists.yoctoproject.org/g/meta-virtualization/message/7566
> Mute This Topic: https://lists.yoctoproject.org/mt/93253333/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>