Whitelist CVE-2016-20012 as the upstream OpenSSH developers see this as an important security feature and do not intend to 'fix' it. Link: https://security-tracker.debian.org/tracker/CVE-2016-20012 https://ubuntu.com/security/CVE-2016-20012
Signed-off-by: Sana Kazi <sana.k...@kpit.com> Signed-off-by: Sana Kazi <sanakazis...@gmail.com> --- meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index e903ec487d..ddc9ed0b32 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -51,6 +51,15 @@ CVE_CHECK_WHITELIST += "CVE-2020-15778" # https://www.securityfocus.com/bid/30794 CVE_CHECK_WHITELIST += "CVE-2008-3844" +# openssh-ssh1 is provided for compatibility with old devices that +# cannot be upgraded to modern protocols. Thus they may not provide security +# support for this package because doing so would prevent access to equipment. +# The upstream OpenSSH developers see this as an important +# security feature and do not intend to 'fix' it. +# https://security-tracker.debian.org/tracker/CVE-2016-20012 +# https://ubuntu.com/security/CVE-2016-20012 +CVE_CHECK_WHITELIST += "CVE-2016-20012" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#159818): https://lists.openembedded.org/g/openembedded-core/message/159818 Mute This Topic: https://lists.openembedded.org/mt/87784964/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
