emlog: ignore unrelated CVEs

This product is not present in the NVD database but another one with exactly the same name is in fact present. For that reason cve-check is outputting CVEs that are unrelated so they can be ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Davide Gardenal <davidegarde2000@gmail.com> 2022-07-04 11:40:55 +0200
committer: Armin Kuster <akuster808@gmail.com> 2022-07-09 11:53:47 -0700
commit: 97375c77128ab2ac51f480ebb1c1c10974b71287 (patch)
tree: 5c4cab8c1be14d55193471b7ab4ed05f936e7d73
parent: c455cbab36b49403fd1b8190a3acb9604145c086 (diff)
download: meta-openembedded-contrib-97375c77128ab2ac51f480ebb1c1c10974b71287.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index be9ae58232..05fa0c334c 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,14 @@ do_install() {
 }
 
 RRECOMMENDS:${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_IGNORE += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+"
author	Davide Gardenal <davidegarde2000@gmail.com>	2022-07-04 11:40:55 +0200
committer	Armin Kuster <akuster808@gmail.com>	2022-07-09 11:53:47 -0700
commit	97375c77128ab2ac51f480ebb1c1c10974b71287 (patch)
tree	5c4cab8c1be14d55193471b7ab4ed05f936e7d73
parent	c455cbab36b49403fd1b8190a3acb9604145c086 (diff)
download	meta-openembedded-contrib-97375c77128ab2ac51f480ebb1c1c10974b71287.tar.gz