From: Steve Sakoman <steve@sakoman.com>
Date: Mon, 26 Jul 2021 14:22:32 +0000 (-1000)
Subject: gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522
X-Git-Tag: yocto-3.1.11~115
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=55140153e66f13a2d8a673a48f6c21e293415e56;p=openembedded-core.git

gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522

CPE entries for gst-plugins-* are listed as gstreamer issues
so we need to ignore the false hits for the CVEs we've patched
in plugins recipes

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
index 7afe56cd7b..a516fabdaf 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
@@ -74,4 +74,13 @@ FILES_${PN}-dbg += "${datadir}/gdb ${datadir}/gstreamer-1.0/gdb"
 
 CVE_PRODUCT = "gstreamer"
 
+# CPE entries for gst-plugins-base are listed as gstreamer issues
+# so we need to ignore the false hits
+CVE_CHECK_WHITELIST += "CVE-2021-3522"
+
+# CPE entries for gst-plugins-good are listed as gstreamer issues
+# so we need to ignore the false hits
+CVE_CHECK_WHITELIST += "CVE-2021-3497"
+CVE_CHECK_WHITELIST += "CVE-2021-3498"
+
 require gstreamer1.0-ptest.inc