Re: [oe] [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns

2021-03-19 Thread Khem Raj



On 3/19/21 10:16 AM, Sana Kazi wrote:

Hi,

It is merged in dunfell but not yet in master. Are you planning to merge 
it in master?




Please update your copies. Isn't it this one?
https://git.openembedded.org/meta-openembedded/commit/?id=f37e5423da984b7dc721d52f04673d3afc0879a1


Thanks & Regards,

Sana Kazi
  KPIT Technologies Limited




*From:* Khem Raj 
*Sent:* Friday, March 19, 2021 10:11 PM
*To:* Sana Kazi ; 
Openembedded-devel@lists.openembedded.org 

*Subject:* Re: [meta-networking][meta-oe][master][dunfell][PATCH] mdns: 
Whitelisted CVE-2007-0613 for mdns

Hello Sana

It was in the latest pull from Armin, which was merged today.
It should already be in dunfell now. Let us know if not.

On 3/19/21 6:31 AM, Sana Kazi wrote:

Hi Team,

Could you please review below patch to be upstreamed for mdns


Thanks & Regards,

Sana Kazi
   KPIT Technologies Limited




*From:* Sana Kazi 
*Sent:* Tuesday, March 9, 2021 12:06 PM
*To:* Openembedded-devel@lists.openembedded.org 
; raj.k...@gmail.com 

*Cc:* Nisha Parrakat ; Aditya Tayade 
; Harpritkaur Bhandari 

*Subject:* [meta-networking][meta-oe][master][dunfell][PATCH] mdns: 
Whitelisted CVE-2007-0613 for mdns

CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros, so it can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613

Re: [oe] [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns

2021-03-19 Thread Sana Kazi
Hi,

It is merged in dunfell but not yet in master. Are you planning to merge it in 
master?

 Thanks & Regards,

 Sana Kazi
 KPIT Technologies Limited



From: Khem Raj 
Sent: Friday, March 19, 2021 10:11 PM
To: Sana Kazi ; Openembedded-devel@lists.openembedded.org 

Subject: Re: [meta-networking][meta-oe][master][dunfell][PATCH] mdns: 
Whitelisted CVE-2007-0613 for mdns

Hello Sana

It was in the latest pull from Armin, which was merged today.
It should already be in dunfell now. Let us know if not.

On 3/19/21 6:31 AM, Sana Kazi wrote:
> Hi Team,
>
> Could you please review below patch to be upstreamed for mdns
>
>
> Thanks & Regards,
>
> Sana Kazi
>   KPIT Technologies Limited
>
>
>
> 
> *From:* Sana Kazi 
> *Sent:* Tuesday, March 9, 2021 12:06 PM
> *To:* Openembedded-devel@lists.openembedded.org
> ; raj.k...@gmail.com
> 
> *Cc:* Nisha Parrakat ; Aditya Tayade
> ; Harpritkaur Bhandari
> 
> *Subject:* [meta-networking][meta-oe][master][dunfell][PATCH] mdns:
> Whitelisted CVE-2007-0613 for mdns
> CVE-2007-0613 is not applicable as it only affects Apple products
> i.e. ichat, mdnsresponder, instant message framework and MacOS.
> Also, https://www.exploit-db.com/exploits/3230 shows the part of code
> affected by CVE-2007-0613 which is not present in upstream source code.
> Hence, CVE-2007-0613 does not affect other Yocto implementations and
> is not reported for other distros, so it can be marked whitelisted.
> Links:
> https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
> https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
> https://security-tracker.debian.org/tracker/CVE-2007-0613

Re: [oe] [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns

2021-03-19 Thread Khem Raj

Hello Sana

It was in the latest pull from Armin, which was merged today.
It should already be in dunfell now. Let us know if not.

On 3/19/21 6:31 AM, Sana Kazi wrote:

Hi Team,

Could you please review below patch to be upstreamed for mdns


Thanks & Regards,

Sana Kazi
  KPIT Technologies Limited




*From:* Sana Kazi 
*Sent:* Tuesday, March 9, 2021 12:06 PM
*To:* Openembedded-devel@lists.openembedded.org 
; raj.k...@gmail.com 

*Cc:* Nisha Parrakat ; Aditya Tayade 
; Harpritkaur Bhandari 

*Subject:* [meta-networking][meta-oe][master][dunfell][PATCH] mdns: 
Whitelisted CVE-2007-0613 for mdns

CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros, so it can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613

---
  .../recipes-protocols/mdns/mdns_1310.40.42.bb   | 13 +
  1 file changed, 13 insertions(+)

diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb 
b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb

index 445ed87e4..60bc26bf1 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = 
"bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838


  CVE_PRODUCT = "apple:mdnsresponder"

+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 
<https://www.exploit-db.com/exploits/3230> shows the part of code

+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 
<https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613>
+# 
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 <https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613>
+# https://security-tracker.debian.org/tracker/CVE-2007-0613 
<https://security-tracker.debian.org/tracker/CVE-2007-0613>
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 
<https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613>

+CVE_CHECK_WHITELIST += "CVE-2007-0613"
+
  PARALLEL_MAKE = ""

  S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
--
2.17.1

This message contains information that may be privileged or confidential 
and is the property of the KPIT Technologies Ltd. It is intended only 
for the person to whom it is addressed. If you are not the intended 
recipient, you are not authorized to read, print, retain copy, 
disseminate, distribute, or use this message or any part thereof. If you 
receive this message in error, please notify the sender immediately and 
delete all copies of this message. KPIT Technologies Ltd. does not 
accept any liability for virus infected mails.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#90222): 
https://lists.openembedded.org/g/openembedded-devel/message/90222
Mute This Topic: https://lists.openembedded.org/mt/81195756/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [oe] [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns

2021-03-19 Thread Sana Kazi
Hi Team,

Could you please review below patch to be upstreamed for mdns


 Thanks & Regards,

 Sana Kazi
 KPIT Technologies Limited



From: Sana Kazi 
Sent: Tuesday, March 9, 2021 12:06 PM
To: Openembedded-devel@lists.openembedded.org 
; raj.k...@gmail.com 

Cc: Nisha Parrakat ; Aditya Tayade 
; Harpritkaur Bhandari 
Subject: [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted 
CVE-2007-0613 for mdns

CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros, so it can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
---
 .../recipes-protocols/mdns/mdns_1310.40.42.bb   | 13 +
 1 file changed, 13 insertions(+)

diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb 
b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
index 445ed87e4..60bc26bf1 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = 
"bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838

 CVE_PRODUCT = "apple:mdnsresponder"

+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
+# https://security-tracker.debian.org/tracker/CVE-2007-0613
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+CVE_CHECK_WHITELIST += "CVE-2007-0613"
+
 PARALLEL_MAKE = ""

 S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
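
Review bot: The Links block in the added comment lists the vulmon URL twice, as its first and last entry, and omits the ubuntu.com/security/CVE-2007-0613 link that the commit message includes, so the last entry looks like it was meant to be the Ubuntu tracker link. In the same comment, "preset" should read "present", and "is not reported for other distros can be marked whitelisted" needs a conjunction. A dozen comment lines is heavy for a single CVE_CHECK_WHITELIST entry; two or three lines of reason plus one tracker link in the recipe would be enough, with the remaining links left in the commit message.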
--
2.17.1

View/Reply Online (#90221): https://lists.openembedded.org/g/openembedded-devel/message/90221



[oe] [meta-networking][meta-oe][master][dunfell][PATCH] mdns: Whitelisted CVE-2007-0613 for mdns

2021-03-08 Thread Sana Kazi
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat, mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not present in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros, so it can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
---
 .../recipes-protocols/mdns/mdns_1310.40.42.bb   | 13 +
 1 file changed, 13 insertions(+)

diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb 
b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
index 445ed87e4..60bc26bf1 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = 
"bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838

 CVE_PRODUCT = "apple:mdnsresponder"

+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
+# https://security-tracker.debian.org/tracker/CVE-2007-0613
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+CVE_CHECK_WHITELIST += "CVE-2007-0613"
+
 PARALLEL_MAKE = ""

 S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
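
Review bot: The first sentence of the added comment contradicts the hunk's own context lines: it says the CVE only affects Apple products "i.e. ichat,mdnsresponder, ...", yet the line directly above is CVE_PRODUCT = "apple:mdnsresponder" and S points at mDNSResponder-${PV}/mDNSPosix, so this recipe is itself packaging mdnsresponder. As written, the comment reads as if the product being built is on the affected list. I would drop mdnsresponder from that list and make the comment rest on the second argument, that the code shown in the exploit-db entry is not present in the source this recipe builds, since that is the claim a later reader can actually check before trusting the whitelist entry.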
--
2.17.1

View/Reply Online (#89995): https://lists.openembedded.org/g/openembedded-devel/message/89995