From: Steve Sakoman <steve@sakoman.com>
Date: Wed, 14 Jul 2021 22:14:20 +0000 (-1000)
Subject: gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
X-Git-Tag: 2020-04.10~7
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=d853e2bde1ea083f8438e8d7a80f041196d2e38d;p=openembedded-core.git

gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed

CPE entries for gst-plugins-good are listed as gstreamer issues
so we need to ignore the false hits for the two CVEs we've patched

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
index 1038cbf224..e8830103ce 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
@@ -15,6 +15,11 @@ SRC_URI = " \
 SRC_URI[md5sum] = "c79b6c2f8eaadb2bb66615b694db399e"
 SRC_URI[sha256sum] = "d3a23a3fe73de673f591b7655494990c9e8a0e22a3c70d6f1dbf50198b29f85f"
 
+# CPE entries for gst-plugins-good are listed as gstreamer issues
+# so we need to ignore the false hit
+CVE_CHECK_WHITELIST += "CVE-2021-3497"
+CVE_CHECK_WHITELIST += "CVE-2021-3498"
+
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
 LICENSE = "GPLv2+ & LGPLv2.1+"