Re: [oe] [OE-core] [meta-oe][dunfell][PATCH] ntp: add CVE-2016-9312 to allowlist

From: "Sekine Shigeki" <sekine.shigeki@fujitsu.com>
To: 'Armin Kuster' <akuster808@gmail.com>,
	OpenEmbedded Devel List
	<openembedded-devel@lists.openembedded.org>
Subject: Re: [oe] [OE-core] [meta-oe][dunfell][PATCH] ntp: add CVE-2016-9312 to allowlist
Date: Thu, 17 Jun 2021 10:46:51 +0000	[thread overview]
Message-ID: <OSBPR01MB4440741300D497F9F3DD807F940E9@OSBPR01MB4440.jpnprd01.prod.outlook.com> (raw)
In-Reply-To: <97f50ef4-f51a-b125-bc8c-9afc9266fdb1@gmail.com>

Sorry, I made a mistake with the subject. I will resend the revised one later, so please ignore it.

-----Original Message-----
From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Armin Kuster
Sent: Tuesday, June 15, 2021 12:54 AM
To: OpenEmbedded Devel List <openembedded-devel@lists.openembedded.org>
Subject: Re: [oe] [OE-core] [meta-oe][dunfell][PATCH] ntp: add CVE-2016-9312 to allowlist

On 6/14/21 5:40 AM, Sekine Shigeki wrote:
> CVE-2016-9312 is only for windows.
> Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
> ---
>  meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
> index 7e168825e..e668113c5 100644
> --- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
> +++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
> @@ -26,6 +26,9 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
>  
>  SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
Does this affect Hardknott?

>  
> +# CVE-2016-9312 is only for windows.
> +CVE_CHECK_WHITELIST += "CVE-2016-9312"
> +
>  inherit autotools update-rc.d useradd systemd pkgconfig
>  
>  # The ac_cv_header_readline_history is to stop ntpdc depending on either
>
> 
>