From d853e2bde1ea083f8438e8d7a80f041196d2e38d Mon Sep 17 00:00:00 2001
From: Steve Sakoman <steve@sakoman.com>
Date: Wed, 14 Jul 2021 12:14:20 -1000
Subject: [PATCH] gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are
 fixed

CPE entries for gst-plugins-good are listed as gstreamer issues
so we need to ignore the false hits for the two CVEs we've patched

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../gstreamer/gstreamer1.0-plugins-good_1.16.3.bb            | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
index 1038cbf224..e8830103ce 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
@@ -15,6 +15,11 @@ SRC_URI = " \
 SRC_URI[md5sum] = "c79b6c2f8eaadb2bb66615b694db399e"
 SRC_URI[sha256sum] = "d3a23a3fe73de673f591b7655494990c9e8a0e22a3c70d6f1dbf50198b29f85f"
 
+# CPE entries for gst-plugins-good are listed as gstreamer issues
+# so we need to ignore the false hit
+CVE_CHECK_WHITELIST += "CVE-2021-3497"
+CVE_CHECK_WHITELIST += "CVE-2021-3498"
+
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
 LICENSE = "GPLv2+ & LGPLv2.1+"
-- 
2.40.1