]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: dfa4b0e) | patch
libgcrypt: Whitelisted CVEs
authorsaloni <saloni.jain@kpit.com>
Fri, 5 Feb 2021 15:37:12 +0000 (21:07 +0530)
committerSteve Sakoman <steve@sakoman.com>
Thu, 11 Feb 2021 14:27:21 +0000 (04:27 -1000)
commit2ebd235bc86032e388fb7e565834f3200e09d081
tree78fa934f70700ad3f9c4ff45aad202e06558eb7atree | snapshot
parentdfa4b0e6cabb870a33627ff5a0b5f413f6edb1e2commit | diff
libgcrypt: Whitelisted CVEs

Whitelisted below CVEs:

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.

Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb diff | blob | history
Mirror of the official openembedded-core repository