openssh: Exclude CVE-2008-3844 from cve-check

author Richard Purdie <richard.purdie@linuxfoundation.org>

Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Wed, 12 May 2021 22:05:17 +0000 (23:05 +0100)
author Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 12 May 2021 22:05:17 +0000 (23:05 +0100)
diff --git a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb

index 57ad5e841ca8003464c4938617d807fe7b22092c..e8f041c58c18c7d9c7d399cb35b7043ac938588d 100644 (file)
--- a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
@@ -34,6 +34,9 @@ CVE_CHECK_WHITELIST += "CVE-2007-2768"
  # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
  CVE_CHECK_WHITELIST += "CVE-2014-9278"
  
+# CVE only applies to some distributed RHEL binaries
+CVE_CHECK_WHITELIST += "CVE-2008-3844"
+
  PAM_SRC_URI = "file://sshd"
  
  inherit manpages useradd update-rc.d update-alternatives systemd
author	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 11 May 2021 11:30:39 +0000 (12:30 +0100)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Wed, 12 May 2021 22:05:17 +0000 (23:05 +0100)