[PATCH] xserver-xorg: update CVE

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

* [PATCH] xserver-xorg: update CVE_PRODUCT
@ 2021-12-29  1:34 Anuj Mittal
  2022-01-10 11:59 ` [OE-core] " Richard Purdie
  0 siblings, 1 reply; 3+ messages in thread
From: Anuj Mittal @ 2021-12-29  1:34 UTC (permalink / raw)
  To: openembedded-core

Some of the CVEs have x_server as the product name.

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 7d1f17e7777..4e88cf26f72 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
 
 UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
 
-CVE_PRODUCT = "xorg-server"
+CVE_PRODUCT = "xorg-server x_server"
 
 S = "${WORKDIR}/${XORG_PN}-${PV}"
 
-- 
2.33.1



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [OE-core] [PATCH] xserver-xorg: update CVE_PRODUCT
  2021-12-29  1:34 [PATCH] xserver-xorg: update CVE_PRODUCT Anuj Mittal
@ 2022-01-10 11:59 ` Richard Purdie
  2022-01-10 15:33   ` Ross Burton
  0 siblings, 1 reply; 3+ messages in thread
From: Richard Purdie @ 2022-01-10 11:59 UTC (permalink / raw)
  To: Anuj Mittal, openembedded-core

On Wed, 2021-12-29 at 09:34 +0800, Anuj Mittal wrote:
> Some of the CVEs have x_server as the product name.
> 
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> ---
>  meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> index 7d1f17e7777..4e88cf26f72 100644
> --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
>  
>  UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
>  
> -CVE_PRODUCT = "xorg-server"
> +CVE_PRODUCT = "xorg-server x_server"
>  
>  S = "${WORKDIR}/${XORG_PN}-${PV}"
>  

This does add a number of CVEs for master. Do you have updates for those? They
mostly look like things we probably would add to the ignore list at a quick
glance?

Cheers,

Richard



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [OE-core] [PATCH] xserver-xorg: update CVE_PRODUCT
  2022-01-10 11:59 ` [OE-core] " Richard Purdie
@ 2022-01-10 15:33   ` Ross Burton
  0 siblings, 0 replies; 3+ messages in thread
From: Ross Burton @ 2022-01-10 15:33 UTC (permalink / raw)
  To: Richard Purdie; +Cc: Anuj Mittal, openembedded-core

I sent a patch to whitelist two, and the other will be dealt with via
a CPE update.

Ross

On Mon, 10 Jan 2022 at 11:59, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Wed, 2021-12-29 at 09:34 +0800, Anuj Mittal wrote:
> > Some of the CVEs have x_server as the product name.
> >
> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> > ---
> >  meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> > index 7d1f17e7777..4e88cf26f72 100644
> > --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> > +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
> > @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
> >
> >  UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
> >
> > -CVE_PRODUCT = "xorg-server"
> > +CVE_PRODUCT = "xorg-server x_server"
> >
> >  S = "${WORKDIR}/${XORG_PN}-${PV}"
> >
>
> This does add a number of CVEs for master. Do you have updates for those? They
> mostly look like things we probably would add to the ignore list at a quick
> glance?
>
> Cheers,
>
> Richard
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#160344): https://lists.openembedded.org/g/openembedded-core/message/160344
> Mute This Topic: https://lists.openembedded.org/mt/88007560/1676615
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross@burtonini.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-01-10 15:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-29  1:34 [PATCH] xserver-xorg: update CVE_PRODUCT Anuj Mittal
2022-01-10 11:59 ` [OE-core] " Richard Purdie
2022-01-10 15:33   ` Ross Burton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox