cve-extra-exclusions.inc: add exclusion list for intractable CVE's
The preferred methods for CVE resolution are:
1. Version upgrades where possible
2. Patches where not possible
3. Database updates where version info is incorrect
4. Exclusion from checking where it is determined that the CVE
does not apply to our environment
In some cases none of these methods are possible. For example the
CVE may be decades old with no apparent resolution, and with broken
links that make further research impractical. Some CVEs are vauge
with no specific action the project can take too.
This patch creates a mechanism for users to remove this type of
CVE from the cve-check results via an optional include file.
Based on an initial patch from Steve Sakoman <steve@sakoman.com>
but extended heavily by RP.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit
cf282ae03db3f09df42dcd110d7086c2d854642c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
