emlog: ignore inapplicable CVEs

The CVEs: * CVE-2019-16868 * CVE-2019-17073 * CVE-2021-44584 * CVE-2022-1526 * CVE-2022-3968 * CVE-2023-43291 ... apply to the other "emlog" and can be safely ignored. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yoann Congal <yoann.congal@smile.fr> 2023-11-14 11:23:50 +0100
committer: Armin Kuster <akuster808@gmail.com> 2023-12-17 15:36:41 -0500
commit: b9c0cacc11ce8e6252b89614beb8d45e56591052 (patch)
tree: 7fb8c6701f93c9fab385b8abf78136ce8c4e2c00
parent: 77a7a2881d246b2f9f8f8dc1b5fe71eae821f652 (diff)
download: meta-openembedded-contrib-b9c0cacc11ce8e6252b89614beb8d45e56591052.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index 387dd67123..a503ab82b8 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,16 @@ do_install() {
 }
 
 RRECOMMENDS_${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_WHITELIST += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+    CVE-2022-3968 \
+    CVE-2023-43291 \
+"
author	Yoann Congal <yoann.congal@smile.fr>	2023-11-14 11:23:50 +0100
committer	Armin Kuster <akuster808@gmail.com>	2023-12-17 15:36:41 -0500
commit	b9c0cacc11ce8e6252b89614beb8d45e56591052 (patch)
tree	7fb8c6701f93c9fab385b8abf78136ce8c4e2c00
parent	77a7a2881d246b2f9f8f8dc1b5fe71eae821f652 (diff)
download	meta-openembedded-contrib-b9c0cacc11ce8e6252b89614beb8d45e56591052.tar.gz