[OE-core] [PATCH] iputils: Whitelist CVE-2000-1213 CVE-2000-1214
Ross Burton
ross.burton at intel.com
Tue Nov 5 10:38:32 UTC 2019
On 04/11/2019 20:55, Adrian Bunk wrote:
> +# Fixed in 2000-10-10, but the versioning of iputils
> +# breaks the version order.
> +CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
So the problem is that our PV matches the upstream git tags, which don't
match the naming convention in the CPE entries.
The tags are of the form s20190709, but the CPE uses 2010-10-10.
If we assume that the CPE version scheme will remain the same then we
can handle this for all cases in the recipe:
def cve_version(d):
import re
m = re.match(r"s(\d{4})(\d{2})(\d{2})", d.getVar("PV"))
return "-".join(m.groups())
CVE_VERSION = "${@cve_version(d)}"
Ross
More information about the Openembedded-core
mailing list