summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross@burtonini.com>2021-08-16 10:05:49 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-08-16 10:24:52 +0100
commitbc7216e8148d0dee7b56e6851da6615e93647a0a (patch)
tree820c097065a90bb40ecbe8df9a7940cc3aa5632a
parent0441b53d55a919b5ac42e997f4092053b017b553 (diff)
downloadopenembedded-core-contrib-bc7216e8148d0dee7b56e6851da6615e93647a0a.tar.gz
tar: ignore node-tar CVEs
These two CVEs are specific to the Node package node-tar. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/tar/tar_1.34.bb3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb
index c096a8c9a8..98755a11cc 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -61,3 +61,6 @@ PROVIDES:append:class-native = " tar-replacement-native"
NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}"
BBCLASSEXTEND = "native nativesdk"
+
+# These are both specific to the NPM package node-tar
+CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804"