Whitelisted below CVEs:

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted.

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted.

Signed-off-by: Saloni Jain <saloni.j...@kpit.com>
--- meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb index 0cad41d..7db624a 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb @@ -28,6 +28,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ " SRC_URI[sha256sum] = "03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748" +# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro. +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" + BINCONFIG = "${bindir}/libgcrypt-config" inherit autotools texinfo binconfig-disabled pkgconfig -- 2.7.4
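
Review bot: The comment added above CVE_CHECK_WHITELIST calls both entries "disputed", but the commit message only says that of CVE-2018-12433; for CVE-2018-12438 the stated reason is that no affected openjdk versions are documented, which is an absence of detail rather than evidence that libgcrypt is unaffected. Suggest one comment line per CVE, each giving its own reason and tracker link, so the entries can be re-evaluated separately if the upstream status changes, and so the CVE-2018-12438 line states concretely why the libgcrypt 1.8.7 code is not affected.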
View/Reply Online (#147708): https://lists.openembedded.org/g/openembedded-core/message/147708