CVE-2020-16590 CVE-2020-16591 CVE-2020-16599 CVE-2021-20294 does not affect binutils_2.34 and the contents of the patch are not present in the source code. Therefore, whitelist it.
Links: https://nvd.nist.gov/vuln/detail/CVE-2020-16590 https://nvd.nist.gov/vuln/detail/CVE-2020-16591 https://nvd.nist.gov/vuln/detail/CVE-2020-16599 https://nvd.nist.gov/vuln/detail/CVE-2021-20294 Signed-off-by: Sana Kazi <sana.k...@kpit.com> Signed-off-by: Sana Kazi <sanakazis...@gmail.com> --- meta/recipes-devtools/binutils/binutils-2.34.inc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc index 6a55de2d45..990c5fa8f1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -54,3 +54,18 @@ SRC_URI = "\ file://0001-CVE-2021-45078.patch \ " S = "${WORKDIR}/git" + +# CVE-2020-16590 CVE-2020-16591 CVE-2020-16599 CVE-2021-20294 does not affect +# binutils_2.34 and the contents of the patch are not +# present in the source code. Therefore, whitelist it. +# https://nvd.nist.gov/vuln/detail/CVE-2020-16590 +# https://nvd.nist.gov/vuln/detail/CVE-2020-16591 +# https://nvd.nist.gov/vuln/detail/CVE-2020-16599 +# https://nvd.nist.gov/vuln/detail/CVE-2021-20294 + +CVE_CHECK_WHITELIST += " \ + CVE-2020-16590 \ + CVE-2020-16591 \ + CVE-2020-16599 \ + CVE-2021-20294 \ +" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#163545): https://lists.openembedded.org/g/openembedded-core/message/163545 Mute This Topic: https://lists.openembedded.org/mt/89949489/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
