diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-12 11:21:13 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-12 16:39:27 +0100 |
commit | 5dfe2dd5482c9a446f8e722fe51903d205e6770d (patch) | |
tree | d530c7ba181fe254dbc892529453b6f659450a4d /meta/recipes-devtools | |
parent | 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843 (diff) | |
download | openembedded-core-contrib-5dfe2dd5482c9a446f8e722fe51903d205e6770d.tar.gz |
git: Ignore CVE-2022-24975
Everyone I've talked to doesn't see this as a major issue. The CVE
asks for a documentation improvement on the --mirror option to
git clone as deleted content could be leaked into a mirror. For OE's
general users/use cases, we wouldn't build or ship docs so this wouldn't
affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/git/git_2.35.1.bb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git_2.35.1.bb b/meta/recipes-devtools/git/git_2.35.1.bb index 47c2211864..e39142128b 100644 --- a/meta/recipes-devtools/git/git_2.35.1.bb +++ b/meta/recipes-devtools/git/git_2.35.1.bb @@ -18,6 +18,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" CVE_PRODUCT = "git-scm:git" +# This is about a manpage not mentioning --mirror may "leak" information +# in mirrored git repos. Most OE users wouldn't build the docs and +# we don't see this as a major issue for our general users/usecases. +CVE_CHECK_IGNORE += "CVE-2022-24975" + PACKAGECONFIG ??= "expat curl" PACKAGECONFIG[cvsserver] = "" PACKAGECONFIG[svn] = "" |