Message ID | PR3P192MB071407F89FE9B7A1AA8EE484DAAA9@PR3P192MB0714.EURP192.PROD.OUTLOOK.COM |
---|---|
State | New |
Headers | show |
Series | [meta-networking,dunfell,1/2] openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist | expand |
Hugo, On 2/22/23 4:39 AM, Hugo Simeliere via lists.openembedded.org wrote: > Fixes below CVEs: > * CVE-2022-0547 > * CVE-2020-15078 Do these CVE's affect the version in Master? -armin > > Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> > --- > .../openvpn/{openvpn_2.4.9.bb => openvpn_2.4.12.bb} | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > rename meta-networking/recipes-support/openvpn/{openvpn_2.4.9.bb => > openvpn_2.4.12.bb} (95%) > > diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb > b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb > similarity index 95% > rename from meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb > rename to meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb > index 4820d3d96..55e66036b 100644 > --- a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb > +++ b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb > @@ -14,8 +14,8 @@ SRC_URI = > "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ > UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" > -SRC_URI[md5sum] = "52863fa9b98e5a3d7f8bec1d5785a2ba" > -SRC_URI[sha256sum] = > "46b268ef88e67ca6de2e9f19943eb9e5ac8544e55f5c1f3af677298d03e64b6e" > +SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc" > +SRC_URI[sha256sum] = > "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee" > # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, > not for openvpn. > CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" > -- > 2.39.2 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#101205): https://lists.openembedded.org/g/openembedded-devel/message/101205 > Mute This Topic: https://lists.openembedded.org/mt/97156570/3616698 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi, No these CVE's affect only the version in Dunfell. Best regards, Hugo Simeliere On Wed, Feb 22, 2023 at 05:21 PM, Armin Kuster wrote: > > Hugo, > > On 2/22/23 4:39 AM, Hugo Simeliere via lists.openembedded.org wrote: > >> Fixes below CVEs: >> * CVE-2022-0547 >> * CVE-2020-15078 > > Do these CVE's affect the version in Master? > > -armin
Hello, will this patch to fix CVE-2022-0547 and CVE-2020-15078 be integrated?
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb similarity index 95% rename from meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb rename to meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb index 4820d3d96..55e66036b 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb @@ -14,8 +14,8 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" -SRC_URI[md5sum] = "52863fa9b98e5a3d7f8bec1d5785a2ba" -SRC_URI[sha256sum] = "46b268ef88e67ca6de2e9f19943eb9e5ac8544e55f5c1f3af677298d03e64b6e" +SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc" +SRC_URI[sha256sum] = "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee" # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
Fixes below CVEs: * CVE-2022-0547 * CVE-2020-15078 Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> --- .../openvpn/{openvpn_2.4.9.bb => openvpn_2.4.12.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/openvpn/{openvpn_2.4.9.bb => openvpn_2.4.12.bb} (95%) -- 2.39.2