mirror of
https://git.yoctoproject.org/poky
synced 2026-07-16 15:57:04 +00:00
cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
Multiple CVEs are patched in kernel but appear as active because the NVD database is not up to date. In common file cve-extra-exclusion.inc, CVEs are ignored if and only if all versions of kernel used are patched. In cve-exclusion_6.1.inc, only ignore CVEs that are patched in v6.1, and not patched in v5.15. Recipes of version 6.1 should include this file. Reviewed-by: Yoann Congal <yoann.congal@smile.fr> (From OE-Core rev: 5feb065f1b1aaf218f71cc9d31a9251b139b9442) Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
0e5bdb623b
commit
b8bfd3b01b
@@ -2,6 +2,9 @@ KBRANCH ?= "v6.1/standard/base"
|
||||
|
||||
require recipes-kernel/linux/linux-yocto.inc
|
||||
|
||||
# CVE exclusions
|
||||
include recipes-kernel/linux/cve-exclusion_6.1.inc
|
||||
|
||||
# board specific branches
|
||||
KBRANCH:qemuarm ?= "v6.1/standard/arm-versatile-926ejs"
|
||||
KBRANCH:qemuarm64 ?= "v6.1/standard/qemuarm64"
|
||||
|
||||
Reference in New Issue
Block a user