mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
c-ares: ignore CVE-2023-31124
CVE-2023-31124 applies only when cross-compiling using autotools. Yocto cross-compiles via cmake which is also listed as official workaround. See: * https://nvd.nist.gov/vuln/detail/CVE-2023-31124 * https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Peter Marko
committed by
Armin Kuster
Armin Kuster
parent
7ee1d68fe1
commit
5adcef0348
@@ -23,3 +23,7 @@ PACKAGES =+ "${PN}-utils"
|
||||
FILES:${PN}-utils = "${bindir}"
|
||||
|
||||
BBCLASSEXTEND = "native nativesdk"
|
||||
|
||||
# this vulneribility applies only when cross-compiling using autotools
|
||||
# yocto cross-compiles via cmake which is also listed as official workaround
|
||||
CVE_CHECK_IGNORE += "CVE-2023-31124"
|
||||
|
||||
Reference in New Issue
Block a user