mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-04 14:39:54 +00:00
Code Issues Projects Releases Wiki Activity

syslog-ng: ignore CVE-2022-38725

Browse Source 
This CVE is fixed in 3.38.1, however cve-check indicates it as
not fixed because there is also cpe for premium version.
There is currently no method to filter this away in cve-check.

Relevant CPEs:
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:-:*:*:*       < 3.38.1
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Peter Marko
2024-02-04 21:00:25 +01:00
committed by Khem Raj
parent 3c6b994562
commit 8371516578
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
+2
View File
@@ -30,6 +30,8 @@ SRC_URI[sha256sum] = "c16eafe447191c079f471846182876b7919d3d789af8c1f9fe55ab1452
UPSTREAM_CHECK_URI = "https://github.com/balabit/syslog-ng/releases"
CVE_STATUS[CVE-2022-38725] = "cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32"
inherit autotools gettext systemd pkgconfig update-rc.d multilib_header
EXTRA_OECONF = " \