cve-check.bbclass: CVE-2014-2524 / readline v5.2

Contrary to the CVE report, the vulnerable trace functions don't exist in readline v5.2 (which we keep for GPLv2+ purposes), they were added in readline v6.0 only - let's whitelist that CVE in order to avoid false positives. See also the discussion in https://patchwork.openembedded.org/patch/81765/ Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: André Draszik <adraszik@tycoint.com> 2016-11-04 11:06:31 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-11-15 15:18:48 +0000
commit: b881a288eec598002685f68da80a24e0478fa496 (patch)
tree: 5252f43b1832f6fb8491ece5a4955e40699bb1da /meta/classes/cve-check.bbclass
parent: b5a036ce958e3fe24690531712071abc14b48033 (diff)
download: openembedded-core-contrib-b881a288eec598002685f68da80a24e0478fa496.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 1425a40554..b0febfb2e5 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -39,7 +39,7 @@ CVE_CHECK_PN_WHITELIST = "\
 
 # Whitelist for CVE and version of package
 CVE_CHECK_CVE_WHITELIST = "{\
-    'CVE-2014-2524': ('6.3',), \
+    'CVE-2014-2524': ('6.3','5.2',), \
 }"
 
 python do_cve_check () {
author	André Draszik <adraszik@tycoint.com>	2016-11-04 11:06:31 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-11-15 15:18:48 +0000
commit	b881a288eec598002685f68da80a24e0478fa496 (patch)
tree	5252f43b1832f6fb8491ece5a4955e40699bb1da /meta/classes/cve-check.bbclass
parent	b5a036ce958e3fe24690531712071abc14b48033 (diff)
download	openembedded-core-contrib-b881a288eec598002685f68da80a24e0478fa496.tar.gz