* [PATCH 1/2] grub: Exclude CVE-2019-14865 from cve-check
@ 2021-05-20 17:44 Richard Purdie
  2021-05-20 17:44 ` [PATCH 2/2] cve-extra-exclusions.inc: Clean up merged CPE updates Richard Purdie
  0 siblings, 1 reply; 2+ messages in thread
From: Richard Purdie @ 2021-05-20 17:44 UTC (permalink / raw)
  To: openembedded-core

The CVE only applies to RHEL.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-bsp/grub/grub2.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index f0fa86b1823..3c6b434c2d5 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -34,6 +34,9 @@ CVE_CHECK_WHITELIST += "\
     CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 \
     CVE-2021-3418 CVE-2021-20225 CVE-2021-20233"
 
+# Applies only to RHEL
+CVE_CHECK_WHITELIST += "CVE-2019-14865"
+
 S = "${WORKDIR}/grub-${REALPV}"
 
 UPSTREAM_CHECK_URI = "${GNU_MIRROR}/grub"
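Review bot: the new comment "# Applies only to RHEL" above the CVE_CHECK_WHITELIST line gives a reader nothing to verify the exclusion against. The block removed from cve-extra-exclusions.inc in 2/2 records the actual reason (grub-set-bootflag is patched in by Fedora/RHEL and does not exist in upstream grub2) with links to both trees; carry that sentence and at least the NVD link into this comment so the justification stays next to the exclusion. That removed block also notes the database update was accepted 2021/5/12 and left its own whitelist line commented out, so the commit message should say why an active exclusion is still needed in the recipe.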
-- 
2.30.2



* [PATCH 2/2] cve-extra-exclusions.inc: Clean up merged CPE updates
  2021-05-20 17:44 [PATCH 1/2] grub: Exclude CVE-2019-14865 from cve-check Richard Purdie
@ 2021-05-20 17:44 ` Richard Purdie
  0 siblings, 0 replies; 2+ messages in thread
From: Richard Purdie @ 2021-05-20 17:44 UTC (permalink / raw)
  To: openembedded-core

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index b2816c3dd52..cf07acce1db 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -53,21 +53,6 @@ CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
 # so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
 #CVE_CHECK_WHITELIST += "CVE-2000-0803"
 
-# grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14865
-# Looks like grub-set-bootflag is patched in by Fedora/RHEL:
-# https://src.fedoraproject.org/rpms/grub2/blob/498ea7003b4dd8079fc075fad7e19e0b190d0f97/f/0133-Add-grub-set-bootflag-utility.patch
-# Does not exist in upstream grub2:
-# https://git.savannah.gnu.org/cgit/grub.git/tree/util
-# Reported to the database for update by RP 2021/5/9 Update accepted 2021/5/12
-#CVE_CHECK_WHITELIST += "CVE-2019-14865"
-
-# tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4476 *
-# https://bugzilla.redhat.com/show_bug.cgi?id=280961 - issue affects paxutils included in tar
-# http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4 was the fix
-# included in tar 1.19 and later
-# CPE update sent, may or may not exclude for us
-#CVE_CHECK_WHITELIST += "CVE-2007-4476"
-
 
 
 #### Upstream still working on ####
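Review bot: the removed tar block (CVE-2007-4476) ends with "CPE update sent, may or may not exclude for us" and, unlike the grub block's "Update accepted 2021/5/12", records no acceptance, so nothing in the hunk shows it fits the subject's "merged CPE updates". The commit message is empty; it should state that the tar CPE change was merged and that cve-check no longer reports it, or the tar block should stay until that is confirmed. The CVE-2000-0803 entry kept as context just above follows the same commented-out, "Update accepted" pattern, so it is also worth saying why that one is retained while these two are dropped.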
-- 
2.30.2

