[master][kirkstone][meta-networking][PATCH] freeradius: ignore patched CVEs


Davide Gardenal
 

CVE-2002-0318 and CVE-2011-4966 are both patched in our version of
freeradius. The CPE in the NVD database doesn't reflect correctly
the vulnerable versions that's why they are incorrectly picked up.

Signed-off-by: Davide Gardenal <davide.gardenal@...>
---
.../recipes-connectivity/freeradius/freeradius_3.0.21.bb | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index da7e60419..0afcb2d70 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -36,6 +36,11 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0

SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"

+CVE_CHECK_IGNORE = "\
+ CVE-2002-0318 \
+ CVE-2011-4966 \
+"
+
PARALLEL_MAKE = ""

S = "${WORKDIR}/git"
--
2.34.1

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.