* Re: [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237
       [not found] <20210614104631.3190-1-Rahultaya96@gmail.com>
@ 2021-06-14 15:45 ` Armin Kuster
  2021-06-14 18:44   ` Steve Sakoman
  0 siblings, 1 reply; 4+ messages in thread
From: Armin Kuster @ 2021-06-14 15:45 UTC (permalink / raw)
  To: RAHUL taya, openembedded-core, raj.khem
  Cc: nisha.parrakat, purushottam.choudhary



On 6/14/21 3:46 AM, RAHUL taya wrote:
> As per below reference links this CVE issue seems to be minor and
> harmless and as per upstream this is not a real issue in practice.
>
> And as per Red Hat this issue is marked as low severity.
>
> 1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> 2. https://security-tracker.debian.org/tracker/CVE-2015-5237
> 3. https://ubuntu.com/security/CVE-2015-5237
> 4. https://github.com/protocolbuffers/protobuf/issues/760
Thanks,

Please use the openembedded-devel@lists.openembedded.org
 for meta-oe patches.

-armin
>
> Upstream-Status: Pending
>
> Signed-off-by: Rahul Taya <Rahultaya96@gmail.com>
> ---
>  meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> index 4d6c5b255..f845a72a0 100644
> --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> @@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic"
>  LDFLAGS_append_mips = " -latomic"
>  LDFLAGS_append_powerpc = " -latomic"
>  LDFLAGS_append_mipsel = " -latomic"
> +
> +# As per below links this issue is minor and harmless and
> +# as per upstream this is not a real issue in practice.
> +# https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> +# https://security-tracker.debian.org/tracker/CVE-2015-5237
> +# https://ubuntu.com/security/CVE-2015-5237
> +# https://github.com/protocolbuffers/protobuf/issues/760
> +CVE_CHECK_WHITELIST += "CVE-2015-5237"
>
> 
>
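Review bot: the comment above `CVE_CHECK_WHITELIST += "CVE-2015-5237"` argues from severity ("minor and harmless", "not a real issue in practice") rather than from applicability, yet the entry stops cve-check from reporting the CVE as unpatched for this recipe whatever its severity. Please state in the comment whether the code shipped in 3.11.4 is affected and, if it is, why no fix is being carried, so a later reader can tell an accepted risk from a false positive.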



* Re: [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237
  2021-06-14 15:45 ` [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237 Armin Kuster
@ 2021-06-14 18:44   ` Steve Sakoman
  2021-06-15  5:54     ` Rahul Taya
  0 siblings, 1 reply; 4+ messages in thread
From: Steve Sakoman @ 2021-06-14 18:44 UTC (permalink / raw)
  To: RAHUL taya
  Cc: Patches and discussions about the oe-core layer, Khem Raj,
	Nisha Parrakat, Purushottam Choudhary, Armin Kuster

On Mon, Jun 14, 2021 at 5:45 AM Armin Kuster <akuster808@gmail.com> wrote:
>
>
>
> On 6/14/21 3:46 AM, RAHUL taya wrote:
> > As per below reference links this CVE issue seems to be minor and
> > harmless and as per upstream this is not a real issue in practice.
> >
> > And as per Red Hat this issue is marked as low severity.
> >
> > 1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> > 2. https://security-tracker.debian.org/tracker/CVE-2015-5237
> > 3. https://ubuntu.com/security/CVE-2015-5237
> > 4. https://github.com/protocolbuffers/protobuf/issues/760
> Thanks,
>
> Please use the openembedded-devel@lists.openembedded.org
>  for meta-oe patches.

Also only tag for the intended repo, in this case [meta-oe].  I can't
imagine a case where you would need to tag a patch with both [OE-core]
and [meta-oe]!

This maintainer gets confused easily, so if you tag a patch for
[OE-core] and it is for a recipe in [meta-oe] I will waste time in a
state of confusion ;-)

Steve

> -armin
> >
> > Upstream-Status: Pending
> >
> > Signed-off-by: Rahul Taya <Rahultaya96@gmail.com>
> > ---
> >  meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> >
> > diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> > index 4d6c5b255..f845a72a0 100644
> > --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> > +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> > @@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic"
> >  LDFLAGS_append_mips = " -latomic"
> >  LDFLAGS_append_powerpc = " -latomic"
> >  LDFLAGS_append_mipsel = " -latomic"
> > +
> > +# As per below links this issue is minor and harmless and
> > +# as per upstream this is not a real issue in practice.
> > +# https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> > +# https://security-tracker.debian.org/tracker/CVE-2015-5237
> > +# https://ubuntu.com/security/CVE-2015-5237
> > +# https://github.com/protocolbuffers/protobuf/issues/760
> > +CVE_CHECK_WHITELIST += "CVE-2015-5237"
> >
> >
> >
>
>
> 
>


* Re: [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237
  2021-06-14 18:44   ` Steve Sakoman
@ 2021-06-15  5:54     ` Rahul Taya
  0 siblings, 0 replies; 4+ messages in thread
From: Rahul Taya @ 2021-06-15  5:54 UTC (permalink / raw)
  To: sakoman
  Cc: Patches and discussions about the oe-core layer, Khem Raj,
	Nisha Parrakat, Purushottam Choudhary, Armin Kuster


Hi Steve/Akuster,

I think as I have sent this patch to: openembedded-core@lists.openembedded.org
that's why this tag [OE-core] is automatically added, as I have not added it.

Please do not consider this patch; I will send a new one to:

openembedded-devel@lists.openembedded.org


And as per NVD it affects versions up to 3.1 (including)
https://nvd.nist.gov/vuln/detail/CVE-2015-5237#range-6634983


Thanks and Regards,
Rahul Taya

* Re: [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237
  2021-06-14 11:15 RAHUL taya
@ 2021-06-14 15:52 ` Armin Kuster
  0 siblings, 0 replies; 4+ messages in thread
From: Armin Kuster @ 2021-06-14 15:52 UTC (permalink / raw)
  To: RAHUL taya, raj.khem, OpenEmbedded Devel List
  Cc: nisha.parrakat, purushottam.choudhary



On 6/14/21 4:15 AM, RAHUL taya wrote:
> As per below reference links this CVE issue seems to be minor and
> harmless and as per upstream this is not a real issue in practice.
>
> And as per Red Hat this issue is marked as low severity.

Does this affect Hardknott?

-armin
>
> 1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> 2. https://security-tracker.debian.org/tracker/CVE-2015-5237
> 3. https://ubuntu.com/security/CVE-2015-5237
> 4. https://github.com/protocolbuffers/protobuf/issues/760
>
> Signed-off-by: Rahul Taya <Rahultaya96@gmail.com>
> ---
>  meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> index 4d6c5b255..f845a72a0 100644
> --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb
> @@ -88,3 +88,11 @@ LDFLAGS_append_arm = " -latomic"
>  LDFLAGS_append_mips = " -latomic"
>  LDFLAGS_append_powerpc = " -latomic"
>  LDFLAGS_append_mipsel = " -latomic"
> +
> +# As per below links this issue is minor and harmless and
> +# as per upstream this is not a real issue in practice.
> +# https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-5237
> +# https://security-tracker.debian.org/tracker/CVE-2015-5237
> +# https://ubuntu.com/security/CVE-2015-5237
> +# https://github.com/protocolbuffers/protobuf/issues/760
> +CVE_CHECK_WHITELIST += "CVE-2015-5237"
>
> 
>
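Review bot: the four `+#` URL lines repeat the reference list already given in the commit message and leave the reader to open external trackers to learn what is being suppressed. A one-line summary of the issue next to the `CVE_CHECK_WHITELIST` entry, plus the single upstream link (`protobuf/issues/760`), would keep the recipe self-explanatory if the other trackers move or change.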

