* [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778
@ 2021-04-05 13:29 Sana Kazi
2021-04-05 22:35 ` [OE-core] " Steve Sakoman
0 siblings, 1 reply; 4+ messages in thread
From: Sana Kazi @ 2021-04-05 13:29 UTC (permalink / raw)
To: Openembedded-core, raj.khem
Cc: nisha.parrakat, Purushottam.Choudhary, Harpritkaur.Bhandari
Whitelisted below CVEs reported for openssh:
CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
and certain packages may have been compromised and has been fixed
by Red Hat. This CVE is not applicable as our source is OpenBSD.
Hence, this CVE is not reported for other distros and
can be whitelisted.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794
For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
Hence, it can be whitelisted for 8.2p1
https://nvd.nist.gov/vuln/detail/CVE-2020-15778
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
---
meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index fe94f30503..f8037db986 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -32,6 +32,20 @@ SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff
# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
CVE_CHECK_WHITELIST += "CVE-2014-9278"
+# CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
+# and certain packages may have been compromised and has been fixed
+# by Red Hat. This CVE is not applicable as our source is OpenBSD.
+# Hence, this CVE is not reported for other distros
+# and can be marked whitelisted.
+# https://securitytracker.com/id?1020730
+# https://www.securityfocus.com/bid/30794
+CVE_CHECK_WHITELIST += "CVE-2008-3844"
+
+# For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
+# Hence, it can be whitelisted for 8.2p1
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15778
+CVE_CHECK_WHITELIST += "CVE-2020-15778"
+
PAM_SRC_URI = "file://sshd"
inherit manpages useradd update-rc.d update-alternatives systemd
--
2.17.1
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778
2021-04-05 13:29 [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778 Sana Kazi
@ 2021-04-05 22:35 ` Steve Sakoman
2021-04-06 5:07 ` Sana Kazi
0 siblings, 1 reply; 4+ messages in thread
From: Steve Sakoman @ 2021-04-05 22:35 UTC (permalink / raw)
To: Sana Kazi
Cc: Patches and discussions about the oe-core layer, Khem Raj,
Nisha Parrakat, Purushottam Choudhary, Harpritkaur Bhandari
On Mon, Apr 5, 2021 at 3:30 AM Sana Kazi <Sana.Kazi@kpit.com> wrote:
>
> Whitelisted below CVEs reported for openssh:
>
> CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
> and certain packages may have been compromised and has been fixed
> by Red Hat. This CVE is not applicable as our source is OpenBSD.
> Hence, this CVE is not reported for other distros and
> can be whitelisted.
> Links:
> https://securitytracker.com/id?1020730
> https://www.securityfocus.com/bid/30794
>
> For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
> Hence, it can be whitelisted for 8.2p1
This explanation doesn't make sense to me! If 8.2p1 is affected, why
are you proposing to whitelist it?
Steve
> https://nvd.nist.gov/vuln/detail/CVE-2020-15778
>
> Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
> ---
> meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> index fe94f30503..f8037db986 100644
> --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> @@ -32,6 +32,20 @@ SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff
> # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
> CVE_CHECK_WHITELIST += "CVE-2014-9278"
>
> +# CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
> +# and certain packages may have been compromised and has been fixed
> +# by Red Hat. This CVE is not applicable as our source is OpenBSD.
> +# Hence, this CVE is not reported for other distros
> +# and can be marked whitelisted.
> +# https://securitytracker.com/id?1020730
> +# https://www.securityfocus.com/bid/30794
> +CVE_CHECK_WHITELIST += "CVE-2008-3844"
> +
> +# For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
> +# Hence, it can be whitelisted for 8.2p1
> +# https://nvd.nist.gov/vuln/detail/CVE-2020-15778
> +CVE_CHECK_WHITELIST += "CVE-2020-15778"
> +
> PAM_SRC_URI = "file://sshd"
>
> inherit manpages useradd update-rc.d update-alternatives systemd
> --
> 2.17.1
>
> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778
2021-04-05 22:35 ` [OE-core] " Steve Sakoman
@ 2021-04-06 5:07 ` Sana Kazi
2021-04-06 14:54 ` Steve Sakoman
0 siblings, 1 reply; 4+ messages in thread
From: Sana Kazi @ 2021-04-06 5:07 UTC (permalink / raw)
To: Steve Sakoman
Cc: Patches and discussions about the oe-core layer, Khem Raj,
Nisha Parrakat, Purushottam Choudhary, Harpritkaur Bhandari
[-- Attachment #1: Type: text/plain, Size: 6293 bytes --]
Hi Steve,
Whitelisted CVE-2020-15778 because it is reflected in recent CVE metrics which you mailed on Sunday.
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
________________________________
From: Steve Sakoman <sakoman@gmail.com>
Sent: Tuesday, April 6, 2021 4:05 AM
To: Sana Kazi <Sana.Kazi@kpit.com>
Cc: Patches and discussions about the oe-core layer <Openembedded-core@lists.openembedded.org>; Khem Raj <raj.khem@gmail.com>; Nisha Parrakat <Nisha.Parrakat@kpit.com>; Purushottam Choudhary <Purushottam.Choudhary@kpit.com>; Harpritkaur Bhandari <Harpritkaur.Bhandari@kpit.com>
Subject: Re: [OE-core] [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778
On Mon, Apr 5, 2021 at 3:30 AM Sana Kazi <Sana.Kazi@kpit.com> wrote:
>
> Whitelisted below CVEs reported for openssh:
>
> CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
> and certain packages may have been compromised and has been fixed
> by Red Hat. This CVE is not applicable as our source is OpenBSD.
> Hence, this CVE is not reported for other distros and
> can be whitelisted.
> Links:
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritytracker.com%2Fid%3F1020730&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AGj3kr88jZBCf2UPTYmok1x2orsmrY6AuLMBoTAmKSI%3D&reserved=0
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.securityfocus.com%2Fbid%2F30794&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CNOSXhh%2BTAlkWkrnEpxS3v2p7JTwQH%2BL5idJyir1GOE%3D&reserved=0
>
> For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
> Hence, it can be whitelisted for 8.2p1
This explanation doesn't make sense to me! If 8.2p1 is affected, why
are you proposing to whitelist it?
Steve
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-15778&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OwC%2Flt6FcUUdt6aCUIk7mxk8a0QSC5%2F%2BLCX99yqZG2w%3D&reserved=0
>
> Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
> ---
> meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> index fe94f30503..f8037db986 100644
> --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> @@ -32,6 +32,20 @@ SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff
> # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
> CVE_CHECK_WHITELIST += "CVE-2014-9278"
>
> +# CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
> +# and certain packages may have been compromised and has been fixed
> +# by Red Hat. This CVE is not applicable as our source is OpenBSD.
> +# Hence, this CVE is not reported for other distros
> +# and can be marked whitelisted.
> +# https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritytracker.com%2Fid%3F1020730&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AGj3kr88jZBCf2UPTYmok1x2orsmrY6AuLMBoTAmKSI%3D&reserved=0
> +# https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.securityfocus.com%2Fbid%2F30794&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CNOSXhh%2BTAlkWkrnEpxS3v2p7JTwQH%2BL5idJyir1GOE%3D&reserved=0
> +CVE_CHECK_WHITELIST += "CVE-2008-3844"
> +
> +# For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
> +# Hence, it can be whitelisted for 8.2p1
> +# https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-15778&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OwC%2Flt6FcUUdt6aCUIk7mxk8a0QSC5%2F%2BLCX99yqZG2w%3D&reserved=0
> +CVE_CHECK_WHITELIST += "CVE-2020-15778"
> +
> PAM_SRC_URI = "file://sshd"
>
> inherit manpages useradd update-rc.d update-alternatives systemd
> --
> 2.17.1
>
> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
>
>
>
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
[-- Attachment #2: Type: text/html, Size: 12344 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778
2021-04-06 5:07 ` Sana Kazi
@ 2021-04-06 14:54 ` Steve Sakoman
0 siblings, 0 replies; 4+ messages in thread
From: Steve Sakoman @ 2021-04-06 14:54 UTC (permalink / raw)
To: Sana Kazi
Cc: Steve Sakoman, Patches and discussions about the oe-core layer,
Khem Raj, Nisha Parrakat, Purushottam Choudhary,
Harpritkaur Bhandari
On Mon, Apr 5, 2021 at 7:07 PM Sana Kazi <Sana.Kazi@kpit.com> wrote:
>
> Hi Steve,
>
> Whitelisted CVE-2020-15778 because it is reflected in recent CVE metrics which you mailed on Sunday.
Yes, it is in the CVE metrics report because the openssh version in
dunfell has the vulnerability.
You haven't explained why we should whitelist it, i.e. an explanation
similar to what you did with CVE-2008-3844.
> Thanks & Regards,
>
> Sana Kazi
> KPIT Technologies Limited
>
>
> ________________________________
> From: Steve Sakoman <sakoman@gmail.com>
> Sent: Tuesday, April 6, 2021 4:05 AM
> To: Sana Kazi <Sana.Kazi@kpit.com>
> Cc: Patches and discussions about the oe-core layer <Openembedded-core@lists.openembedded.org>; Khem Raj <raj.khem@gmail.com>; Nisha Parrakat <Nisha.Parrakat@kpit.com>; Purushottam Choudhary <Purushottam.Choudhary@kpit.com>; Harpritkaur Bhandari <Harpritkaur.Bhandari@kpit.com>
> Subject: Re: [OE-core] [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778
>
> On Mon, Apr 5, 2021 at 3:30 AM Sana Kazi <Sana.Kazi@kpit.com> wrote:
> >
> > Whitelisted below CVEs reported for openssh:
> >
> > CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
> > and certain packages may have been compromised and has been fixed
> > by Red Hat. This CVE is not applicable as our source is OpenBSD.
> > Hence, this CVE is not reported for other distros and
> > can be whitelisted.
> > Links:
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritytracker.com%2Fid%3F1020730&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AGj3kr88jZBCf2UPTYmok1x2orsmrY6AuLMBoTAmKSI%3D&reserved=0
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.securityfocus.com%2Fbid%2F30794&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CNOSXhh%2BTAlkWkrnEpxS3v2p7JTwQH%2BL5idJyir1GOE%3D&reserved=0
> >
> > For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
> > Hence, it can be whitelisted for 8.2p1
>
> This explanation doesn't make sense to me! If 8.2p1 is affected, why
> are you proposing to whitelist it?
>
> Steve
>
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-15778&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OwC%2Flt6FcUUdt6aCUIk7mxk8a0QSC5%2F%2BLCX99yqZG2w%3D&reserved=0
> >
> > Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
> > ---
> > meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 14 ++++++++++++++
> > 1 file changed, 14 insertions(+)
> >
> > diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> > index fe94f30503..f8037db986 100644
> > --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> > +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
> > @@ -32,6 +32,20 @@ SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff
> > # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
> > CVE_CHECK_WHITELIST += "CVE-2014-9278"
> >
> > +# CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux
> > +# and certain packages may have been compromised and has been fixed
> > +# by Red Hat. This CVE is not applicable as our source is OpenBSD.
> > +# Hence, this CVE is not reported for other distros
> > +# and can be marked whitelisted.
> > +# https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecuritytracker.com%2Fid%3F1020730&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AGj3kr88jZBCf2UPTYmok1x2orsmrY6AuLMBoTAmKSI%3D&reserved=0
> > +# https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.securityfocus.com%2Fbid%2F30794&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CNOSXhh%2BTAlkWkrnEpxS3v2p7JTwQH%2BL5idJyir1GOE%3D&reserved=0
> > +CVE_CHECK_WHITELIST += "CVE-2008-3844"
> > +
> > +# For CVE-2020-15778 OpenSSH through 8.3p1 is affected.
> > +# Hence, it can be whitelisted for 8.2p1
> > +# https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2020-15778&data=04%7C01%7CSana.Kazi%40kpit.com%7C8b8ab31f2f0142adf52e08d8f88323ea%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637532589452091655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OwC%2Flt6FcUUdt6aCUIk7mxk8a0QSC5%2F%2BLCX99yqZG2w%3D&reserved=0
> > +CVE_CHECK_WHITELIST += "CVE-2020-15778"
> > +
> > PAM_SRC_URI = "file://sshd"
> >
> > inherit manpages useradd update-rc.d update-alternatives systemd
> > --
> > 2.17.1
> >
> > This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
> >
> >
> >
> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-04-06 14:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-05 13:29 [poky][dunfell][PATCH] openssh: Whitelist CVE-2008-3844 and CVE-2020-15778 Sana Kazi
2021-04-05 22:35 ` [OE-core] " Steve Sakoman
2021-04-06 5:07 ` Sana Kazi
2021-04-06 14:54 ` Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.