* [OE-core][meta-oe][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns
@ 2021-03-08  5:58 Sana Kazi
  2021-03-08 16:08 ` Khem Raj
  0 siblings, 1 reply; 2+ messages in thread
From: Sana Kazi @ 2021-03-08  5:58 UTC (permalink / raw)
  To: Openembedded-core, raj.khem
  Cc: nisha.parrakat, Aditya.Tayade, Harpritkaur.Bhandari

CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros, so it can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
---
 .../recipes-protocols/mdns/mdns_878.270.2.bb        | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb b/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
index 0f8dc92df3..ce31233264 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
@@ -26,6 +26,19 @@ SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${P
 SRC_URI[md5sum] = "4e139a8e1133349006b0436291c9e29b"
 SRC_URI[sha256sum] = "2cef0ee9900504c5277fb81de0a28e6c0835fe482ebecf1067c6864f5c4eda74"

+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
+# https://security-tracker.debian.org/tracker/CVE-2007-0613
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+CVE_CHECK_WHITELIST += "CVE-2007-0613"
+
 PARALLEL_MAKE = ""

 S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
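
Review bot: the justification in the added comment block contradicts the recipe it sits in. It says the CVE "only affects Apple products i.e. ichat,mdnsresponder, ..." while the SRC_URI shown in the hunk header points at opensource.apple.com/tarballs/mDNSResponder, so a reader cannot tell from the comment why this build is unaffected. Suggest dropping the product list and stating the concrete reason in one or two lines (the code shown in the exploit-db reference is not present in this source), so the CVE_CHECK_WHITELIST entry can be re-checked when the recipe version changes.
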
--
2.17.1



* Re: [OE-core][meta-oe][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns
  2021-03-08  5:58 [OE-core][meta-oe][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns Sana Kazi
@ 2021-03-08 16:08 ` Khem Raj
  0 siblings, 0 replies; 2+ messages in thread
From: Khem Raj @ 2021-03-08 16:08 UTC (permalink / raw)
  To: Sana Kazi, Openembedded-core
  Cc: nisha.parrakat, Aditya.Tayade, Harpritkaur.Bhandari

Hi Sana

Thanks for your contribution. This patch needs a bit of rework: please
apply it to the master branch of the meta-openembedded repository. This recipe
is from the meta-networking layer, therefore prefix your subject line with
[meta-networking]. meta-openembedded repo patches are sent to the
oe-devel mailing list, not oe-core.

Here are the OE patch submission guidelines, which will be helpful:

https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines


On 3/7/21 9:58 PM, Sana Kazi wrote:
> CVE-2007-0613 is not applicable as it only affects Apple products
> i.e. ichat, mdnsresponder, instant message framework and MacOS.
> Also, https://www.exploit-db.com/exploits/3230 shows the part of code
> affected by CVE-2007-0613 which is not present in upstream source code.
> Hence, CVE-2007-0613 does not affect other Yocto implementations and
> is not reported for other distros, so it can be marked whitelisted.
> Links:
> https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
> https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
> https://security-tracker.debian.org/tracker/CVE-2007-0613
> https://ubuntu.com/security/CVE-2007-0613
> https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
> ---
>   .../recipes-protocols/mdns/mdns_878.270.2.bb        | 13 +++++++++++++
>   1 file changed, 13 insertions(+)
> 
> diff --git a/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb b/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
> index 0f8dc92df3..ce31233264 100644
> --- a/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
> +++ b/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
> @@ -26,6 +26,19 @@ SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${P
>   SRC_URI[md5sum] = "4e139a8e1133349006b0436291c9e29b"
>   SRC_URI[sha256sum] = "2cef0ee9900504c5277fb81de0a28e6c0835fe482ebecf1067c6864f5c4eda74"
> 
> +# CVE-2007-0613 is not applicable as it only affects Apple products
> +# i.e. ichat,mdnsresponder, instant message framework and MacOS.
> +# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
> +# affected by CVE-2007-0613 which is not preset in upstream source code.
> +# Hence, CVE-2007-0613 does not affect other Yocto implementations and
> +# is not reported for other distros can be marked whitelisted.
> +# Links:
> +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
> +# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
> +# https://security-tracker.debian.org/tracker/CVE-2007-0613
> +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
> +CVE_CHECK_WHITELIST += "CVE-2007-0613"
> +
>   PARALLEL_MAKE = ""
> 
>   S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
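
Review bot: the comment block above CVE_CHECK_WHITELIST needs a cleanup pass: "preset" should read "present", the vulmon.com link appears twice, and the ubuntu.com link listed in the commit message is missing here. Since the same text is already in the commit message, a short comment giving the one-line reason and a single reference would be enough in the recipe.
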
> --
> 2.17.1
> 
