[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core] [hardknott][PATCH] qemu: Exclude CVE-2020-3550[4/5/6] from cve-check
From: "Sakib Sajal" <sakib.sajal () windriver ! com>
Date: 2021-05-30 23:23:19
Message-ID: 20210530232319.25707-1-sakib.sajal () windriver ! com
[Download RAW message or body]
CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O).
On Sparc32 it is the NCR89C100 part of the chip.
On Macintosh Quadra it is NCR53C96.
Both are not supported by yocto.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
meta/recipes-devtools/qemu/qemu.inc | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index fbda0c9174..3921546df7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -76,6 +76,15 @@ CVE_CHECK_WHITELIST += "CVE-2007-0998"
# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
CVE_CHECK_WHITELIST += "CVE-2018-18438"
+# Following CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O).
+# On Sparc32 it is the NCR89C100 part of the chip.
+# On Macintosh Quadra it is NCR53C96.
+# Both are not supported by yocto.
+# Reference: https://www.openwall.com/lists/oss-security/2021/04/16/3
+CVE_CHECK_WHITELIST += "CVE-2020-35504"
+CVE_CHECK_WHITELIST += "CVE-2020-35505"
+CVE_CHECK_WHITELIST += "CVE-2020-35506"
+
COMPATIBLE_HOST_mipsarchn32 = "null"
COMPATIBLE_HOST_mipsarchn64 = "null"
--
2.29.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#152453): https://lists.openembedded.org/g/openembedded-core/message/152453
Mute This Topic: https://lists.openembedded.org/mt/83198517/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic