code.ossystems Code Review - openembedded-core.git/commit

author	saloni <saloni.jain@kpit.com>
	Fri, 5 Feb 2021 15:37:12 +0000 (21:07 +0530)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sat, 6 Feb 2021 09:02:51 +0000 (09:02 +0000)
commit	2943efe3f56d394308f9364b439c25f6a7613288
tree	b250a7fc8965490b2ff130712fc7e15c0175c39b	tree \| snapshot
parent	f51835e022731d1c0e8e18209e48f1a718048977	commit \| diff

libgcrypt: Whitelisted CVEs

Whitelisted below CVEs:

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.

Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>