Hi Sana
Thanks for your contribution. this patch needs a bit of rework, please
apply it to master branch of meta-openembedded repository, this recipe
is from meta-networking layer therefore prefix your subject line with
[meta-networking] and meta-openembedded repo patches are sent to
oe-devel mailing list not oe-core
here are OE patch submission guideline whic h will be helpful
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
On 3/7/21 9:58 PM, Sana Kazi wrote:
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
---
.../recipes-protocols/mdns/mdns_878.270.2.bb | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
b/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
index 0f8dc92df3..ce31233264 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_878.270.2.bb
@@ -26,6 +26,19 @@ SRC_URI =
"https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${P
SRC_URI[md5sum] = "4e139a8e1133349006b0436291c9e29b"
SRC_URI[sha256sum] =
"2cef0ee9900504c5277fb81de0a28e6c0835fe482ebecf1067c6864f5c4eda74"
+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
+# https://security-tracker.debian.org/tracker/CVE-2007-0613
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+CVE_CHECK_WHITELIST += "CVE-2007-0613"
+
PARALLEL_MAKE = ""
S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
--
2.17.1
This message contains information that may be privileged or confidential and is
the property of the KPIT Technologies Ltd. It is intended only for the person
to whom it is addressed. If you are not the intended recipient, you are not
authorized to read, print, retain copy, disseminate, distribute, or use this
message or any part thereof. If you receive this message in error, please
notify the sender immediately and delete all copies of this message. KPIT
Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149103):
https://lists.openembedded.org/g/openembedded-core/message/149103
Mute This Topic: https://lists.openembedded.org/mt/81168090/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
