All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-oe][dunfell][PATCH v2] fuse: Whitelisted CVE-2019-14860
@ 2021-04-09  9:52 saloni
  2021-04-09 14:25 ` [oe] " Anuj Mittal
  0 siblings, 1 reply; 2+ messages in thread
From: saloni @ 2021-04-09  9:52 UTC (permalink / raw)
  To: openembedded-devel, raj.khem; +Cc: nisha.parrakat

CVE-2019-14860 is a REDHAT specific issue and
was addressed for REDHAT Fuse products on
Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
REDHAT has also released the fix and updated their
security advisories after significant releases.
Hence, whitelisted the CVE-2019-14860.

Link: https://access.redhat.com/security/cve/cve-2019-14860
Link: https://access.redhat.com/errata/RHSA-2019:3244
Link: https://access.redhat.com/errata/RHSA-2019:3892

Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
---
 meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 95e870691..97e399e42 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -19,6 +19,11 @@ SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
 SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
 SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"

+# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
+# REDHAT has also released the fix and updated their security advisories after significant releases.
+CVE_PRODUCT = "fuse_project:fuse"
+CVE_CHECK_WHITELIST += "CVE-2019-14860"
+
 UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
 UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [oe] [meta-oe][dunfell][PATCH v2] fuse: Whitelisted CVE-2019-14860
  2021-04-09  9:52 [meta-oe][dunfell][PATCH v2] fuse: Whitelisted CVE-2019-14860 saloni
@ 2021-04-09 14:25 ` Anuj Mittal
  0 siblings, 0 replies; 2+ messages in thread
From: Anuj Mittal @ 2021-04-09 14:25 UTC (permalink / raw)
  To: saloni, openembedded-devel, raj.khem; +Cc: nisha.parrakat

> -----Original Message-----
> From: openembedded-devel@lists.openembedded.org <openembedded-
> devel@lists.openembedded.org> On Behalf Of saloni
> Sent: Friday, April 9, 2021 05:53 PM
> To: openembedded-devel@lists.openembedded.org; raj.khem@gmail.com
> Cc: nisha.parrakat@kpit.com
> Subject: [oe] [meta-oe][dunfell][PATCH v2] fuse: Whitelisted CVE-2019-14860
> 
> CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse
> products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> REDHAT has also released the fix and updated their security advisories after
> significant releases.
> Hence, whitelisted the CVE-2019-14860.
> 
> Link: https://access.redhat.com/security/cve/cve-2019-14860
> Link: https://access.redhat.com/errata/RHSA-2019:3244
> Link: https://access.redhat.com/errata/RHSA-2019:3892
> 
> Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
> ---
>  meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-
> filesystems/recipes-support/fuse/fuse_2.9.9.bb
> index 95e870691..97e399e42 100644
> --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> @@ -19,6 +19,11 @@ SRC_URI =
> "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
>  SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
>  SRC_URI[sha256sum] =
> "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"
> 
> +# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT
> Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> +# REDHAT has also released the fix and updated their security advisories after
> significant releases.
> +CVE_PRODUCT = "fuse_project:fuse"
> +CVE_CHECK_WHITELIST += "CVE-2019-14860"

This CVE is not listed for fuse_project:fuse so there should not be any need to whitelist it.

Thanks,

Anuj

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-09 14:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-09  9:52 [meta-oe][dunfell][PATCH v2] fuse: Whitelisted CVE-2019-14860 saloni
2021-04-09 14:25 ` [oe] " Anuj Mittal

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.