mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

zlib: Add CVE_PRODUCT to exclude false positives

Browse Source 
To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendors that have been used.

Removing the present existing CVE_STATUS for CVE-2023-6992.

(From OE-Core rev: 119b775b36dfd51286493763cffb6e965893b8fd)

Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Het Patel
2024-08-08 22:57:00 -07:00
committed by Richard Purdie
parent 4ffee489c6
commit 791a279af0
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/zlib/zlib_1.3.1.bb
+3 -1
View File
@@ -47,4 +47,6 @@ do_install_ptest() {
BBCLASSEXTEND = "native nativesdk"
CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"
# Adding 'CVE_PRODUCT' to avoid false detection of CVEs
CVE_PRODUCT = "zlib:zlib gnu:zlib"