cve-check.bbclass: CVE-2014-2524 / readline v5.2
Contrary to the CVE report, the vulnerable trace functions don't exist in readline v5.2 (which we keep for GPLv2+ purposes), they were added in readline v6.0 only - let's whitelist that CVE in order to avoid false positives. See also the discussion in https://patchwork.openembedded.org/patch/81765/ (From OE-Core rev: b881a288eec598002685f68da80a24e0478fa496) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
85c9b9f9c6
commit
fe5c48dddf
|
@ -39,7 +39,7 @@ CVE_CHECK_PN_WHITELIST = "\
|
|||
|
||||
# Whitelist for CVE and version of package
|
||||
CVE_CHECK_CVE_WHITELIST = "{\
|
||||
'CVE-2014-2524': ('6.3',), \
|
||||
'CVE-2014-2524': ('6.3','5.2',), \
|
||||
}"
|
||||
|
||||
python do_cve_check () {
|
||||
|
|
Loading…
Reference in New Issue