]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 104f362) | patch
zip: whitelist CVE-2018-13410 and CVE-2018-13684
authorMikko Rapeli <mikko.rapeli@bmw.de>
Fri, 15 Jan 2021 17:05:44 +0000 (19:05 +0200)
committerSteve Sakoman <steve@sakoman.com>
Tue, 19 Jan 2021 14:22:10 +0000 (04:22 -1000)
commit872342a37d6159844fcb8d9f0cbf37f011643195
tree3507048d54bca9dcfea90cd3919df45b8880170ftree | snapshot
parent104f36216f0be7278c1f03694ce8b7f72aca9952commit | diff
zip: whitelist CVE-2018-13410 and CVE-2018-13684

https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:

https://security-tracker.debian.org/tracker/CVE-2018-13410

http://seclists.org/fulldisclosure/2018/Jul/24
"Negligible security impact, would involve that a untrusted party controls the -TT value."

https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:

https://security-tracker.debian.org/tracker/CVE-2018-13684

"NOT-FOR-US: smart contract implementation for ZIP"

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 06b72a91b6dcf63fed437fd2105c59e922ba6525)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/zip/zip_3.0.bb diff | blob | history
Mirror of the official openembedded-core repository