code.ossystems Code Review - openembedded-core.git/commit

author	saloni <saloni.jain@kpit.com>
	Fri, 5 Feb 2021 15:37:12 +0000 (21:07 +0530)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Tue, 9 Feb 2021 01:08:51 +0000 (09:08 +0800)
commit	461579e032f0490e69cc20ff526a898618f057b2
tree	9fb9ff8b520dcbdae83773cc411a2be26a5796bd	tree \| snapshot
parent	2f6c7aae835c75a350686b058fba732005e4c923	commit \| diff

libgcrypt: Whitelisted CVEs

Whitelisted below CVEs:

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.

Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>