Message ID | 20240129181920.2171316-1-ross.burton@arm.com |
---|---|
State | Accepted, archived |
Commit | f99b25355133fe8f65a55737270e67ea10b79d52 |
Headers | show |
Series | grub2: ignore CVE-2023-4001, this is Red Hat-specific | expand |
I can't help but notice there's a kind of irony here, given Red Hat's major marketing point for RHEL is security fixes. Patching things one doesn't fully understand without upstream review is not a good idea. Alex On Mon, 29 Jan 2024 at 19:19, Ross Burton <ross.burton@arm.com> wrote: > > From: Ross Burton <ross.burton@arm.com> > > Signed-off-by: Ross Burton <ross.burton@arm.com> > --- > meta/recipes-bsp/grub/grub2.inc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc > index 5685cae0ab4..47dc9217985 100644 > --- a/meta/recipes-bsp/grub/grub2.inc > +++ b/meta/recipes-bsp/grub/grub2.inc > @@ -25,6 +25,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154 > > CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL" > CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE" > +CVE_STATUS[CVE-2023-4001] = "not-applicable-platform: Applies only to RHEL/Fedora" > > DEPENDS = "flex-native bison-native gettext-native" > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#194476): https://lists.openembedded.org/g/openembedded-core/message/194476 > Mute This Topic: https://lists.openembedded.org/mt/104037170/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 5685cae0ab4..47dc9217985 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -25,6 +25,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL" CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE" +CVE_STATUS[CVE-2023-4001] = "not-applicable-platform: Applies only to RHEL/Fedora" DEPENDS = "flex-native bison-native gettext-native"