ghostscript: Exclude CVE-2013-6629 from cve-check

The CVE is in the jpeg sources included with ghostscript. We use our own external jpeg library so this doesn't affect us. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-11 13:44:09 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-12 23:05:17 +0100
commit: 8556d6a6722f21af5e6f97589bec3cbd31da206c (patch)
tree: 8d60b8d7eefd9a433829bf5797cd2eba608b8182 /meta/recipes-extended
parent: 6f587d1e1fdf8141d240160d57c9a05ff97ea510 (diff)
download: openembedded-core-8556d6a6722f21af5e6f97589bec3cbd31da206c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
index 9ace037aa9..81f8d615ae 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
@@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native"
 UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
 
+# As of ghostscript 9.54.0 the jpeg issue in the CVE is present in the gs jpeg sources
+# however we use an external jpeg which doesn't have the issue.
+CVE_CHECK_WHITELIST += "CVE-2013-6629"
+
 def gs_verdir(v):
     return "".join(v.split("."))
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-11 13:44:09 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-12 23:05:17 +0100
commit	8556d6a6722f21af5e6f97589bec3cbd31da206c (patch)
tree	8d60b8d7eefd9a433829bf5797cd2eba608b8182 /meta/recipes-extended
parent	6f587d1e1fdf8141d240160d57c9a05ff97ea510 (diff)
download	openembedded-core-8556d6a6722f21af5e6f97589bec3cbd31da206c.tar.gz