Hi Team,

Could you please review the below patch to be upstreamed for mdns?
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited

________________________________
From: Sana Kazi <sana.k...@kpit.com>
Sent: Tuesday, March 9, 2021 12:06 PM
To: Openembedded-devel@lists.openembedded.org <Openembedded-devel@lists.openembedded.org>; raj.k...@gmail.com <raj.k...@gmail.com>
Cc: Nisha Parrakat <nisha.parra...@kpit.com>; Aditya Tayade <aditya.tay...@kpit.com>; Harpritkaur Bhandari <harpritkaur.bhand...@kpit.com>
Subject: [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns

CVE-2007-0613 is not applicable as it only affects Apple products,
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros, so it can be marked whitelisted.

Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613

--- .../recipes-protocols/mdns/mdns_1310.40.42.bb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb index 445ed87e4..60bc26bf1 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb 
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838 CVE_PRODUCT = "apple:mdnsresponder" +# CVE-2007-0613 is not applicable as it only affects Apple products +# i.e. ichat,mdnsresponder, instant message framework and MacOS. +# Also, https://www.exploit-db.com/exploits/3230 shows the part of code +# affected by CVE-2007-0613 which is not preset in upstream source code. +# Hence, CVE-2007-0613 does not affect other Yocto implementations and +# is not reported for other distros can be marked whitelisted. +# Links: +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 +# https://security-tracker.debian.org/tracker/CVE-2007-0613 +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +CVE_CHECK_WHITELIST += "CVE-2007-0613" + PARALLEL_MAKE = "" S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" -- 2.17.1
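Review bot: The justification comment above CVE_CHECK_WHITELIST lists "mdnsresponder" among the affected Apple products, while this recipe sets CVE_PRODUCT = "apple:mdnsresponder" and builds from mDNSResponder-${PV}/mDNSPosix, so as written the comment reads as if the package being built is affected. State the actual reason for the exclusion in one or two lines, namely that the code shown in the referenced exploit is not present in the source this recipe builds, and name the file or component that was checked so the claim can be re-verified when PV changes. In the same comment, "preset" should be "present", "ichat,mdnsresponder" needs a space, the vulmon URL is listed twice, and the ubuntu.com link from the commit message is missing; the last sentence ("is not reported for other distros can be marked whitelisted") also needs rewording.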
View/Reply Online (#90221): https://lists.openembedded.org/g/openembedded-devel/message/90221