Hi,
This patch is merged for master and dunfell. Could you please review it for
gatesgarth.
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Sana Kazi
Sent: Wednesday, March 3, 2021 4:21 PM
To: Openembedded-core@lists.openembedded.org
; raj.k...@gmail.com
Cc: Nisha Parrakat ; Aditya Tayade
; Harpritkaur Bhandari ;
Purushottam Choudhary
Subject: [poky][gatesgarth][master][dunfell][PATCH] shadow: whitelist
CVE-2013-4235
From: Purushottam Choudhary
This CVE is about TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees
which had very low severity problem and marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658
Signed-off-by: Sana Kazi
---
meta/recipes-extended/shadow/shadow_4.8.1.bb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb
b/meta/recipes-extended/shadow/shadow_4.8.1.bb
index c975395ff8..ff4aad926f 100644
--- a/meta/recipes-extended/shadow/shadow_4.8.1.bb
+++ b/meta/recipes-extended/shadow/shadow_4.8.1.bb
@@ -6,5 +6,6 @@ BUILD_LDFLAGS_append_class-target = "
${@bb.utils.contains('DISTRO_FEATURES', 'p
BBCLASSEXTEND = "native nativesdk"
-
-
+# Severity is low and marked as closed and won't fix.
+# https://bugzilla.redhat.com/show_bug.cgi?id=884658
+CVE_CHECK_WHITELIST += "CVE-2013-4235"
--
2.17.1
This message contains information that may be privileged or confidential and is
the property of the KPIT Technologies Ltd. It is intended only for the person
to whom it is addressed. If you are not the intended recipient, you are not
authorized to read, print, retain copy, disseminate, distribute, or use this
message or any part thereof. If you receive this message in error, please
notify the sender immediately and delete all copies of this message. KPIT
Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149687):
https://lists.openembedded.org/g/openembedded-core/message/149687
Mute This Topic: https://lists.openembedded.org/mt/81048889/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-