diff options
author | virendra thakur <thakur.virendra1810@gmail.com> | 2023-06-27 13:20:13 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-07-14 07:08:54 -0400 |
commit | e5808a69cd3e952d7815b34ad3d66046e3cd9d50 (patch) | |
tree | eff2ebc36ae44e95e8ee3c07ae24e31043aec0dd | |
parent | 8b5ce0d5243e695dd33ba7059303beea2a71abac (diff) | |
download | meta-openembedded-contrib-e5808a69cd3e952d7815b34ad3d66046e3cd9d50.tar.gz |
c-ares: whitelist CVE-2023-31124
CVE-2023-31124 applies only when cross-compiling using autotools.
Yocto cross-compiles via cmake which is also listed as official workaround.
See:
* https://nvd.nist.gov/vuln/detail/CVE-2023-31124
* https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 66254583bc..152d913325 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -23,3 +23,7 @@ PACKAGES =+ "${PN}-utils" FILES_${PN}-utils = "${bindir}" BBCLASSEXTEND = "native nativesdk" + +# this vulneribility applies only when cross-compiling using autotools +# yocto cross-compiles via cmake which is also listed as official workaround +CVE_CHECK_WHITELIST += "CVE-2023-31124" |