emlog: ignore inapplicable CVEs

The CVEs: * CVE-2019-16868 * CVE-2019-17073 * CVE-2021-44584 * CVE-2022-1526 * CVE-2022-3968 * CVE-2023-43291 ... apply to the other "emlog" and can be safely ignored. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-06-14 05:49:57 +00:00 · 2023-11-14 11:23:50 +01:00
parent 77a7a2881d
commit b9c0cacc11
1 changed files with 13 additions and 0 deletions
@@ -24,3 +24,16 @@ do_install() {
 }

 RRECOMMENDS_${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_WHITELIST += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+    CVE-2022-3968 \
+    CVE-2023-43291 \
+"