code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	André Draszik <adraszik@tycoint.com>
	Fri, 4 Nov 2016 11:06:31 +0000 (11:06 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 15 Nov 2016 15:18:48 +0000 (15:18 +0000)
commit	b881a288eec598002685f68da80a24e0478fa496
tree	5252f43b1832f6fb8491ece5a4955e40699bb1da	tree \| snapshot
parent	b5a036ce958e3fe24690531712071abc14b48033	commit \| diff

cve-check.bbclass: CVE-2014-2524 / readline v5.2

Contrary to the CVE report, the vulnerable trace functions
don't exist in readline v5.2 (which we keep for GPLv2+
purposes), they were added in readline v6.0 only - let's
whitelist that CVE in order to avoid false positives.

See also the discussion in
https://patchwork.openembedded.org/patch/81765/

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

meta/classes/cve-check.bbclass

diff | blob | history

Mirror of the official openembedded-core repository

RSS Atom