* [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
@ 2021-05-30 10:37 saloni
2021-07-12 13:35 ` saloni
0 siblings, 1 reply; 5+ messages in thread
From: saloni @ 2021-05-30 10:37 UTC (permalink / raw)
To: openembedded-core, raj.khem; +Cc: nisha.parrakat, Saloni Jain
From: Saloni Jain <Saloni.Jain@kpit.com>
Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542
Signed-off-by: Saloni <Saloni.Jain@kpit.com>
---
recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
S = "${WORKDIR}/xerces-2_11_0"
inherit java-library
--
2.17.1
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
2021-05-30 10:37 [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799 saloni
@ 2021-07-12 13:35 ` saloni
2021-07-12 16:54 ` Khem Raj
0 siblings, 1 reply; 5+ messages in thread
From: saloni @ 2021-07-12 13:35 UTC (permalink / raw)
To: openembedded-core, raj.khem
Cc: Nisha Parrakat, Purushottam Choudhary, Harpritkaur Bhandari
[-- Attachment #1: Type: text/plain, Size: 2239 bytes --]
Hi,
Please take the below changes and merge them in upstream dunfell branch.
Thanks & Regards,
Saloni
________________________________
From: Saloni Jain <Saloni.Jain@kpit.com>
Sent: Sunday, May 30, 2021 4:07 PM
To: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>; raj.khem@gmail.com <raj.khem@gmail.com>
Cc: Nisha Parrakat <Nisha.Parrakat@kpit.com>; Saloni Jain <Saloni.Jain@kpit.com>
Subject: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
From: Saloni Jain <Saloni.Jain@kpit.com>
Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542
Signed-off-by: Saloni <Saloni.Jain@kpit.com>
---
recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
S = "${WORKDIR}/xerces-2_11_0"
inherit java-library
--
2.17.1
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
[-- Attachment #2: Type: text/html, Size: 3710 bytes --]
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
2021-07-12 13:35 ` saloni
@ 2021-07-12 16:54 ` Khem Raj
0 siblings, 0 replies; 5+ messages in thread
From: Khem Raj @ 2021-07-12 16:54 UTC (permalink / raw)
To: Saloni Jain
Cc: openembedded-core, Nisha Parrakat, Purushottam Choudhary,
Harpritkaur Bhandari
meta-java has contribution guidelines here
https://git.yoctoproject.org/cgit/cgit.cgi/meta-java/tree/README
please read through Contributing section and follow the right mailing
list and CC the maintainers please
On Mon, Jul 12, 2021 at 6:35 AM Saloni Jain <Saloni.Jain@kpit.com> wrote:
>
> Hi,
>
> Please take the below changes and merge them in upstream dunfell branch.
>
> Thanks & Regards,
> Saloni
> ________________________________
> From: Saloni Jain <Saloni.Jain@kpit.com>
> Sent: Sunday, May 30, 2021 4:07 PM
> To: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>; raj.khem@gmail.com <raj.khem@gmail.com>
> Cc: Nisha Parrakat <Nisha.Parrakat@kpit.com>; Saloni Jain <Saloni.Jain@kpit.com>
> Subject: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
>
> From: Saloni Jain <Saloni.Jain@kpit.com>
>
> Whitelisted below CVE:
> CVE-2018-2799:
> CVE only applies to some Oracle Java SE and Red Hat
> Enterprise Linux versions which is already fixed with
> updates and the issue is closed.
> Link: https://access.redhat.com/security/cve/CVE-2018-2799
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542
>
> Signed-off-by: Saloni <Saloni.Jain@kpit.com>
> ---
> recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
> index 98ef32f..f2a4434 100644
> --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
> +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
> @@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
>
> SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
>
> +# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
> +# Already fixed with updates and closed.
> +# https://access.redhat.com/security/cve/CVE-2018-2799
> +# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
> +CVE_CHECK_WHITELIST += "CVE-2018-2799"
> +
> S = "${WORKDIR}/xerces-2_11_0"
>
> inherit java-library
> --
> 2.17.1
>
> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
2021-07-20 8:11 Saloni Jain
@ 2021-08-23 4:25 ` Saloni Jain
0 siblings, 0 replies; 5+ messages in thread
From: Saloni Jain @ 2021-08-23 4:25 UTC (permalink / raw)
To: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 147 bytes --]
Hello,
Could anyone please do a review again and confirm if the patch is now okay for integration in upstream branch.
Regards,
Saloni Jain
[-- Attachment #2: Type: text/html, Size: 222 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
@ 2021-07-20 8:11 Saloni Jain
2021-08-23 4:25 ` Saloni Jain
0 siblings, 1 reply; 5+ messages in thread
From: Saloni Jain @ 2021-07-20 8:11 UTC (permalink / raw)
To: openembedded-devel, otavio, raj.khem; +Cc: nisha.parrakat, Saloni Jain
From: Saloni Jain <Saloni.Jain@kpit.com>
Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542
---
recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
S = "${WORKDIR}/xerces-2_11_0"
inherit java-library
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-08-23 4:25 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-30 10:37 [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799 saloni
2021-07-12 13:35 ` saloni
2021-07-12 16:54 ` Khem Raj
2021-07-20 8:11 Saloni Jain
2021-08-23 4:25 ` Saloni Jain
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.