[oe-commits] [openembedded-core] 26/29: openssl: Whitelist CVE-2019-0190
git at git.openembedded.org
git at git.openembedded.org
Tue Jan 28 11:52:08 UTC 2020
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch warrior
in repository openembedded-core.
commit 8e76d2508da411a1a67f3226465c83fec85dfe97
Author: Adrian Bunk <bunk at stusta.de>
AuthorDate: Fri Jan 17 18:58:18 2020 +0200
openssl: Whitelist CVE-2019-0190
This is only a problem with older Apache versions.
Signed-off-by: Adrian Bunk <bunk at stusta.de>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 0e65f33..af2217b 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -205,3 +205,7 @@ RCONFLICTS_openssl-conf = "openssl10-conf"
BBCLASSEXTEND = "native nativesdk"
CVE_PRODUCT = "openssl:openssl"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list