openssh: Exclude CVE-2008-3844 from cve-check

author Richard Purdie <richard.purdie@linuxfoundation.org>

Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Sat, 22 May 2021 09:00:45 +0000 (10:00 +0100)
author Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 22 May 2021 09:00:45 +0000 (10:00 +0100)
diff --git a/meta/recipes-connectivity/openssh/openssh_8.5p1.bb b/meta/recipes-connectivity/openssh/openssh_8.5p1.bb

index 41ac303d38d2603f9fcea86573bf18919119abcc..c6de51988493fa141cfd5ca13e46d9c2cf7fbd25 100644 (file)
--- a/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
@@ -34,6 +34,9 @@ CVE_CHECK_WHITELIST += "CVE-2007-2768"
  # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
  CVE_CHECK_WHITELIST += "CVE-2014-9278"
  
+# CVE only applies to some distributed RHEL binaries
+CVE_CHECK_WHITELIST += "CVE-2008-3844"
+
  PAM_SRC_URI = "file://sshd"
  
  inherit manpages useradd update-rc.d update-alternatives systemd
author	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sat, 22 May 2021 09:00:45 +0000 (10:00 +0100)