[meta-networking][kirkstone][master][PATCH] spice: ignore patched CVEs


Davide Gardenal
 

The following CVEs are already patched so we can ignore them:
- CVE-2016-0749
- CVE-2016-2150
- CVE-2018-10893

This is caused by inaccurate CPE in the NVD database.

Signed-off-by: Davide Gardenal <davide.gardenal@...>
---
meta-networking/recipes-support/spice/spice_git.bb | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb
index d9083bcbe..1887a5582 100644
--- a/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@ SRC_URI = " \

S = "${WORKDIR}/git"

+CVE_CHECK_IGNORE += "\
+ CVE-2016-0749 \
+ CVE-2016-2150 \
+ CVE-2018-10893 \
+"
+
inherit autotools gettext python3native python3-dir pkgconfig

DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
--
2.34.1

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.