[OE-core] [PATCH] bind: Whitelist CVE-2019-6470
akuster808
akuster808 at gmail.com
Thu Nov 14 15:18:28 UTC 2019
On 11/14/19 4:51 AM, Adrian Bunk wrote:
> On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
>> On 13/11/2019 08:19, Adrian Bunk wrote:
>>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
>>> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
>> Can you be a bit more explicit about why this is whitelisted?
> Something like
> BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
> dhcpd is already recent enough.
Actual. checking isc dhcp sources, it appears the fix is sitting in
master and has not been merged to any of the stable branches. I have not
had the time to unpack and check in an OE env ti validate that.
Have you done that?
- Armin
> ?
>
>> Ross
> cu
> Adrian
>
More information about the Openembedded-core
mailing list