From: "Marko, Peter" <Peter.Marko@siemens.com>
To: "ross.burton@arm.com" <ross.burton@arm.com>,
"openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: RE: [OE-core] [PATCH 3/5] zlib: ignore CVE-2023-6992
Date: Mon, 22 Jan 2024 14:16:09 +0000 [thread overview]
Message-ID: <AS1PR10MB5697D9500BD9ACE6C5006C54FD752@AS1PR10MB5697.EURPRD10.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <20240122140406.3837333-3-ross.burton@arm.com>
Hi Ross,
I think this one is better - https://lists.openembedded.org/g/openembedded-core/message/193603
I'm not sure why it was not picked up yet after 9 days, but It's CPE which is not matching, not our configuration options...
Peter
-----Original Message-----
From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Ross Burton via lists.openembedded.org
Sent: Monday, January 22, 2024 15:04
To: openembedded-core@lists.openembedded.org
Subject: [OE-core] [PATCH 3/5] zlib: ignore CVE-2023-6992
> From: Ross Burton <ross.burton@arm.com>
>
> This issue is specific to the Cloudflare fork of zlib.
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
> meta/recipes-core/zlib/zlib_1.3.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/zlib/zlib_1.3.bb b/meta/recipes-core/zlib/zlib_1.3.bb
> index 1ed18172faa..9db5588d66a 100644
> --- a/meta/recipes-core/zlib/zlib_1.3.bb
> +++ b/meta/recipes-core/zlib/zlib_1.3.bb
> @@ -47,3 +47,4 @@ do_install_ptest() {
> BBCLASSEXTEND = "native nativesdk"
>
> CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
> +CVE_STATUS[CVE-2023-6992] = "not-applicable-config: specific to the Cloudflare fork"
> --
> 2.34.1
next prev parent reply other threads:[~2024-01-22 14:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-22 14:04 [PATCH 1/5] cve_check: handle CVE_STATUS being set to the empty string ross.burton
2024-01-22 14:04 ` [PATCH 2/5] cve_check: cleanup logging ross.burton
2024-01-22 14:04 ` [PATCH 3/5] zlib: ignore CVE-2023-6992 ross.burton
2024-01-22 14:16 ` Marko, Peter [this message]
2024-01-22 14:26 ` [OE-core] " Ross Burton
2024-01-22 14:52 ` Marko, Peter
2024-01-22 14:04 ` [PATCH 4/5] xserver-xorg: add PACKAGECONFIG for xvfb ross.burton
2024-01-22 14:04 ` [PATCH 5/5] xserver-xorg: disable xvfb by default ross.burton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AS1PR10MB5697D9500BD9ACE6C5006C54FD752@AS1PR10MB5697.EURPRD10.PROD.OUTLOOK.COM \
--to=peter.marko@siemens.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ross.burton@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox