]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f07c139) | patch
cve-check.bbclass: CVE-2014-2524 / readline v5.2
authorAndré Draszik <adraszik@tycoint.com>
Fri, 4 Nov 2016 11:06:31 +0000 (11:06 +0000)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 11 Jan 2017 11:46:38 +0000 (11:46 +0000)
commitb4498a6b734661fdfe3ff4e0a9850e796b72005c
treec7f52a09ec1d7cca25cd59c1f90292aa3bb729fatree | snapshot
parentf07c139e91d2173dac4289727d1401a19d6ed821commit | diff
cve-check.bbclass: CVE-2014-2524 / readline v5.2

Contrary to the CVE report, the vulnerable trace functions
don't exist in readline v5.2 (which we keep for GPLv2+
purposes), they were added in readline v6.0 only - let's
whitelist that CVE in order to avoid false positives.

See also the discussion in
 https://patchwork.openembedded.org/patch/81765/

(From OE-Core rev: b881a288eec598002685f68da80a24e0478fa496)

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/classes/cve-check.bbclass diff | blob | history
Mirror of the official openembedded-core repository