diff options
author | Peter Marko <peter.marko@siemens.com> | 2024-01-13 19:04:04 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-01-23 11:52:43 +0000 |
commit | 9f953a1cd832f03f0b3666168addf45fd4fc8d14 (patch) | |
tree | a43b98012065551527c8b2bba5f1b56c0c04e3e8 | |
parent | a9b51a42fc1fd3c01852b51e3f21cf4d4480f3e8 (diff) | |
download | openembedded-core-9f953a1cd832f03f0b3666168addf45fd4fc8d14.tar.gz |
zlib: ignore CVE-2023-6992
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/zlib/zlib_1.3.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib_1.3.bb b/meta/recipes-core/zlib/zlib_1.3.bb index 1ed18172fa..ede75f90bd 100644 --- a/meta/recipes-core/zlib/zlib_1.3.bb +++ b/meta/recipes-core/zlib/zlib_1.3.bb @@ -47,3 +47,4 @@ do_install_ptest() { BBCLASSEXTEND = "native nativesdk" CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip" +CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib" |