helium-3rd-party/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky synced 2026-04-02 02:49:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

glibc: ignore CVE-2023-4527

Browse Source 
This vulnerability was introduced in 2.36, so 2.31 is not vulnerable.

(From OE-Core rev: 3471922461627c0f0487feb09cfdc4cfeeb3f3ca)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko 2023-10-31 19:09:55 +01:00 committed by Steve Sakoman
parent 77214fc5d4
commit be04eefcaf
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
meta/recipes-core/glibc/glibc_2.31.bb
View File

@ -29,6 +29,13 @@ CVE_CHECK_WHITELIST += "CVE-2019-1010025"
# https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b
CVE_CHECK_WHITELIST += "CVE-2021-35942"
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527
# This vulnerability was introduced in 2.36 by commit
# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no-aaaa stub resolver option
# so our version is not yet vulnerable
# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842
CVE_CHECK_WHITELIST += "CVE-2023-4527"
DEPENDS += "gperf-native bison-native make-native"
NATIVESDKFIXES ?= ""