Hi, It is merged in dunfell but not yet in master. Are you planning to merge it in master?
Thanks & Regards, Sana Kazi KPIT Technologies Limited ________________________________ From: Khem Raj <raj.k...@gmail.com> Sent: Friday, March 19, 2021 10:11 PM To: Sana Kazi <sana.k...@kpit.com>; Openembedded-devel@lists.openembedded.org <Openembedded-devel@lists.openembedded.org> Subject: Re: [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns Hello Sana It was in latest pull from Armin which was merged today it should be in already in dunfell now. Let us know if not. On 3/19/21 6:31 AM, Sana Kazi wrote: > Hi Team, > > Could you please review below patch to be upstreamed for mdns > > > Thanks & Regards, > > Sana Kazi > KPIT Technologies Limited > > > > ------------------------------------------------------------------------ > *From:* Sana Kazi <sana.k...@kpit.com> > *Sent:* Tuesday, March 9, 2021 12:06 PM > *To:* Openembedded-devel@lists.openembedded.org > <Openembedded-devel@lists.openembedded.org>; raj.k...@gmail.com > <raj.k...@gmail.com> > *Cc:* Nisha Parrakat <nisha.parra...@kpit.com>; Aditya Tayade > <aditya.tay...@kpit.com>; Harpritkaur Bhandari > <harpritkaur.bhand...@kpit.com> > *Subject:* [meta-networking][meta-oe][master][dunfell][PATCH] mdns: > Whitelisted CVE-2007-0613 for mdns > CVE-2007-0613 is not applicable as it only affects Apple products > i.e. ichat,mdnsresponder, instant message framework and MacOS. > Also, > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.exploit-db.com%2Fexploits%2F3230&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742865584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zEEydQaidbnLPHjwC8eq4k%2Fb%2FThn53dRfqsUwy5KU%2FE%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.exploit-db.com%2Fexploits%2F3230&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742865584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zEEydQaidbnLPHjwC8eq4k%2Fb%2FThn53dRfqsUwy5KU%2FE%3D&reserved=0> > shows the part of code > affected by CVE-2007-0613 which is not preset in upstream source code. > Hence, CVE-2007-0613 does not affect other Yocto implementations and > is not reported for other distros can be marked whitelisted. > Links: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eAkjsIawSp2YHJL3bqORC%2B%2FRdxYVRKFIJ998sPA%2B%2FZ4%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eAkjsIawSp2YHJL3bqORC%2B%2FRdxYVRKFIJ998sPA%2B%2FZ4%3D&reserved=0> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.incibe-cert.es%2Fen%2Fearly-warning%2Fvulnerabilities%2Fcve-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5qInEtds3j9aCQPBzoNNgwnjrpkNc%2BlkDXmk2gvoHOA%3D&reserved=0 > > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.incibe-cert.es%2Fen%2Fearly-warning%2Fvulnerabilities%2Fcve-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5qInEtds3j9aCQPBzoNNgwnjrpkNc%2BlkDXmk2gvoHOA%3D&reserved=0> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QW82iXTsR0a1LvT5gIku8EJux9cOlpzzGCVIOCa1FFQ%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QW82iXTsR0a1LvT5gIku8EJux9cOlpzzGCVIOCa1FFQ%3D&reserved=0> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fubuntu.com%2Fsecurity%2FCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=FMQ7vLzfqsCYHu7p9B4JSH1abFYkWeWQOk3yMuB%2BnQ0%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fubuntu.com%2Fsecurity%2FCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=FMQ7vLzfqsCYHu7p9B4JSH1abFYkWeWQOk3yMuB%2BnQ0%3D&reserved=0> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eAkjsIawSp2YHJL3bqORC%2B%2FRdxYVRKFIJ998sPA%2B%2FZ4%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eAkjsIawSp2YHJL3bqORC%2B%2FRdxYVRKFIJ998sPA%2B%2FZ4%3D&reserved=0> > --- > .../recipes-protocols/mdns/mdns_1310.40.42.bb | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb > b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb > index 445ed87e4..60bc26bf1 100644 > --- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb > +++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb > @@ -27,6 +27,19 @@ SRC_URI[sha256sum] = > "bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838 > > CVE_PRODUCT = "apple:mdnsresponder" > > +# CVE-2007-0613 is not applicable as it only affects Apple products > +# i.e. ichat,mdnsresponder, instant message framework and MacOS. > +# Also, > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.exploit-db.com%2Fexploits%2F3230&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7RyM%2BxWeWU864nFuczXCD5AfylR3G0mL17Yeh5Nodgo%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.exploit-db.com%2Fexploits%2F3230&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7RyM%2BxWeWU864nFuczXCD5AfylR3G0mL17Yeh5Nodgo%3D&reserved=0> > shows the part of code > +# affected by CVE-2007-0613 which is not preset in upstream source code. > +# Hence, CVE-2007-0613 does not affect other Yocto implementations and > +# is not reported for other distros can be marked whitelisted. > +# Links: > +# > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742875586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eAkjsIawSp2YHJL3bqORC%2B%2FRdxYVRKFIJ998sPA%2B%2FZ4%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fh4GpdLsYilHYJgEcMicpxx7wSuX%2BrCe6rxosiIHs%2B0%3D&reserved=0> > +# > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.incibe-cert.es%2Fen%2Fearly-warning%2Fvulnerabilities%2Fcve-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=HE4%2FBCOYYIwDEuyNr3P0NZMhAJQm7V9BrxVkYDtKmEk%3D&reserved=0 > > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.incibe-cert.es%2Fen%2Fearly-warning%2Fvulnerabilities%2Fcve-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=HE4%2FBCOYYIwDEuyNr3P0NZMhAJQm7V9BrxVkYDtKmEk%3D&reserved=0> > +# > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qAwcUbbb0SGYvixtamLooD4aqCM27Y%2BHhl7K26lHPCg%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qAwcUbbb0SGYvixtamLooD4aqCM27Y%2BHhl7K26lHPCg%3D&reserved=0> > +# > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fh4GpdLsYilHYJgEcMicpxx7wSuX%2BrCe6rxosiIHs%2B0%3D&reserved=0 > <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvulmon.com%2Fvulnerabilitydetails%3Fqid%3DCVE-2007-0613&data=04%7C01%7CSana.Kazi%40kpit.com%7Ca14a00000eb0436f8fb708d8eaf5caef%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637517688742885578%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fh4GpdLsYilHYJgEcMicpxx7wSuX%2BrCe6rxosiIHs%2B0%3D&reserved=0> > +CVE_CHECK_WHITELIST += "CVE-2007-0613" > + > PARALLEL_MAKE = "" > > S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" > -- > 2.17.1 > > This message contains information that may be privileged or confidential > and is the property of the KPIT Technologies Ltd. It is intended only > for the person to whom it is addressed. If you are not the intended > recipient, you are not authorized to read, print, retain copy, > disseminate, distribute, or use this message or any part thereof. If you > receive this message in error, please notify the sender immediately and > delete all copies of this message. KPIT Technologies Ltd. does not > accept any liability for virus infected mails. This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#90226): https://lists.openembedded.org/g/openembedded-devel/message/90226 Mute This Topic: https://lists.openembedded.org/mt/81195756/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
