openssh: Exclude CVE-2008-3844 from cve-check

author Richard Purdie <richard.purdie@linuxfoundation.org>

Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)

committer Steve Sakoman <steve@sakoman.com>

Fri, 14 May 2021 17:16:37 +0000 (07:16 -1000)
author Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)
committer Steve Sakoman <steve@sakoman.com>
Fri, 14 May 2021 17:16:37 +0000 (07:16 -1000)
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb

index b429fbe96d6d3ec14cd61e4b9feab36440cff593..6ed54a813939162babe3018e39137dc279f66b99 100644 (file)
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -35,6 +35,9 @@ CVE_CHECK_WHITELIST += "CVE-2007-2768"
  # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
  CVE_CHECK_WHITELIST += "CVE-2014-9278"
  
+# CVE only applies to some distributed RHEL binaries
+CVE_CHECK_WHITELIST += "CVE-2008-3844"
+
  PAM_SRC_URI = "file://sshd"
  
  inherit manpages useradd update-rc.d update-alternatives systemd
author	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 14 May 2021 17:16:37 +0000 (07:16 -1000)