[OE-core] [PATCH] bind: Whitelist CVE-2019-6470
Adrian Bunk
bunk at stusta.de
Fri Nov 15 21:46:05 UTC 2019
On Thu, Nov 14, 2019 at 07:18:28AM -0800, akuster808 wrote:
>
>
> On 11/14/19 4:51 AM, Adrian Bunk wrote:
> > On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
> >> On 13/11/2019 08:19, Adrian Bunk wrote:
> >>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
> >>> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
> >> Can you be a bit more explicit about why this is whitelisted?
> > Something like
> > BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
> > dhcpd is already recent enough.
> Actual. checking isc dhcp sources, it appears the fix is sitting in
> master and has not been merged to any of the stable branches. I have not
> had the time to unpack and check in an OE env ti validate that.
>
> Have you done that?
At what commit are you looking?
rt46719 was merged in 2017, actually before 4.4.0.
> - Armin
cu
Adrian
More information about the Openembedded-core
mailing list