[meta-oe][master][kirkstone][PATCH] emlog: ignore unrelated CVEs


Davide Gardenal
 

This product is not present in the NVD database but another
one with exactly the same name is in fact present. For that
reason cve-check is outputting CVEs that are unrelated so they
can be ignored.

Signed-off-by: Davide Gardenal <davide.gardenal@...>
---
meta-oe/recipes-core/emlog/emlog_git.bb | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index be9ae5823..e2dcd4633 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,14 @@ do_install() {
}

RRECOMMENDS:${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_IGNORE += "\
+ CVE-2019-16868 \
+ CVE-2019-17073 \
+ CVE-2021-44584 \
+ CVE-2022-1526 \
+"
--
2.34.1

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.