* [PATCH] openssl: Whitelist CVE-2019-0190
@ 2019-12-05 21:42 Adrian Bunk
0 siblings, 0 replies; only message in thread
From: Adrian Bunk @ 2019-12-05 21:42 UTC (permalink / raw)
To: openembedded-core
This is only a problem with older Apache versions.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 8819e19ec4..f653e05acc 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -202,3 +202,7 @@ RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
BBCLASSEXTEND = "native nativesdk"
CVE_PRODUCT = "openssl:openssl"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-12-05 21:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-05 21:42 [PATCH] openssl: Whitelist CVE-2019-0190 Adrian Bunk
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.