mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

frr: ignore CVE-2023-3748, CVE-2023-41359..61

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3748
https://nvd.nist.gov/vuln/detail/CVE-2023-41359
https://nvd.nist.gov/vuln/detail/CVE-2023-41360
https://nvd.nist.gov/vuln/detail/CVE-2023-41361

Regarding CVE-2023-3748:
Based on Debian's investigation, the vulnerability was solved by [1].
However that vulnerable code that was fixed was introduced after the
recipe version, only in version 8.4.0[2].

Since the recipe version isn't affected by this CVE, ignore it.

Regarding CVE-2023-41359:
The pull request[3] referenced by the NVD report references another pull
request[4] which was opened to backport the fix. The conversion on this
PR confirms that the vulnerable feature was introduced in 8.5.

Due to this, ignore this CVE.

Regarding CVE-2023-41360:
The vulnerable code was introduced[5] in version 8.4.0, and the
recipe version is not vulnerable.

Due to this ignore this CVE.

Regarding CVE-2023-41361:
The vulnerable code was introduced[6] in version 9.0 and the recipe
version is not vulnerable.

Due to this ignore this CVE.

[1]: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085
[2]: https://github.com/FRRouting/frr/commit/54a3e60b3ebd3621c4dd90b0b49e8e36e4e100d8
[3]: https://github.com/FRRouting/frr/pull/14232
[4]: https://github.com/FRRouting/frr/pull/15927
[5]: https://github.com/FRRouting/frr/commit/f1aa49293a4a8302b70989aaa9ceb715385c3a7e
[6]: https://github.com/FRRouting/frr/commit/234f6fd4f4804bb17bd8cbb1dd91994a914f38d2

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-29 07:31:28 +01:00
parent 702efc091e
commit ef6ef1492c
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+9
View File
@@ -42,6 +42,15 @@ SRCREV = "79188bf710e92acf42fb5b9b0a2e9593a5ee9b05"
CVE_PRODUCT = "frrouting" CVE_PRODUCT = "frrouting"
# the vulnerability was introduced in v8.4.0
CVE_CHECK_IGNORE += "CVE-2023-3748 CVE-2023-41360"
# the vulnerability did not exist until 8.5
CVE_CHECK_IGNORE += "CVE-2023-41359"
# the vulnerability was introduced in 9.0
CVE_CHECK_IGNORE += "CVE-2023-41361"
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
# Due to libyang not supported on these arches: # Due to libyang not supported on these arches: