diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-10 11:56:50 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-11 11:53:23 +0100 |
commit | b238db678083cc15313b98d2e33f83cccab03fc6 (patch) | |
tree | 4c6866faedf95800d86034b0099c1acf869ea759 /meta | |
parent | 2467ab1554bee3a431636046735e8e369e865bc6 (diff) | |
download | openembedded-core-contrib-b238db678083cc15313b98d2e33f83cccab03fc6.tar.gz |
glibc: Document and whitelist CVE-2019-1010022-25
These CVEs are disputed by upstream and there is no plan to fix/address them. No
other distros are carrying patches for them. There is a patch for 1010025
however it isn't merged upstream and probably carries more risk of other bugs
than not having it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.33.bb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb index 5e0baa53e8..75a1f36d6b 100644 --- a/meta/recipes-core/glibc/glibc_2.33.bb +++ b/meta/recipes-core/glibc/glibc_2.33.bb @@ -3,6 +3,19 @@ require glibc-version.inc CVE_CHECK_WHITELIST += "CVE-2020-10029" +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 +# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. +# "this is being treated as a non-security bug and no real threat." +CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 +# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow +# easier access for another. "ASLR bypass itself is not a vulnerability." +# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 +CVE_CHECK_WHITELIST += "CVE-2019-1010025" + DEPENDS += "gperf-native bison-native make-native" NATIVESDKFIXES ?= "" |