[oe-commits] [openembedded-core] 13/28: openssl: Whitelist CVE-2019-0190

git at git.openembedded.org git at git.openembedded.org
Mon Dec 9 10:38:03 UTC 2019


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 48dcf59559cf6c51a2685f8bb76368b85c085dbd
Author: Adrian Bunk <bunk at stusta.de>
AuthorDate: Thu Dec 5 23:42:27 2019 +0200

    openssl: Whitelist CVE-2019-0190
    
    This is only a problem with older Apache versions.
    
    Signed-off-by: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 8819e19..f653e05 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -202,3 +202,7 @@ RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_PRODUCT = "openssl:openssl"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Openembedded-commits mailing list