code.ossystems Code Review - openembedded-core.git/commit
zip: whitelist CVE-2018-13410 and CVE-2018-13684
author Mikko Rapeli <mikko.rapeli@bmw.de>
Fri, 15 Jan 2021 17:05:44 +0000 (19:05 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 16 Jan 2021 22:39:17 +0000 (22:39 +0000)
commit 06b72a91b6dcf63fed437fd2105c59e922ba6525
tree aff574ad1f4d361ef3f14190529c7a3ddc16130c
parent ef153ad36d0299e83a03af8f207686d0d8a238b3
zip: whitelist CVE-2018-13410 and CVE-2018-13684

https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:

https://security-tracker.debian.org/tracker/CVE-2018-13410

http://seclists.org/fulldisclosure/2018/Jul/24
"Negligible security impact, would involve that a untrusted party controls the -TT value."

https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:

https://security-tracker.debian.org/tracker/CVE-2018-13684

"NOT-FOR-US: smart contract implementation for ZIP"

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/zip/zip_3.0.bb