[meta-java][dunfell][PATCH v2] xerces-j: Whitelisted CVE-2018-2799

[meta-java][dunfell][PATCH v2] xerces-j: Whitelisted CVE-2018-2799

[Saloni Jain]

Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542

Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
---
 recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
 
 SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
 
+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
 S = "${WORKDIR}/xerces-2_11_0"
 
 inherit java-library
-- 
2.17.1

Re: [meta-java][dunfell][PATCH v2] xerces-j: Whitelisted CVE-2018-2799

[akash hadke]

[-- Attachment #1: Type: text/plain, Size: 76 bytes --]

Hi,

Is there any update on this? Is it going to integrate into dunfell?

[-- Attachment #2: Type: text/html, Size: 84 bytes --]

Re: [oe] [meta-java][dunfell][PATCH v2] xerces-j: Whitelisted CVE-2018-2799

[Richard Leitner - SKIDATA]

Hi Akash,

On Sat, Nov 13, 2021 at 05:53:46AM -0800, akash hadke via lists.openembedded.org wrote:
> Hi,
> 
> Is there any update on this? Is it going to integrate into dunfell?

Thanks for the reminder.
It seems my CI script missed the final push.

I'm sorry!

Everything should be up2date now.

regards;rl