[dunfell] qemu: Ignore multiple CVEs

Message ID	20240322033344.421681-1-vanusuri@mvista.com
State	New
Headers	show Return-Path: <vanusuri@mvista.com> ip: 209.85.210.171, mailfrom: vanusuri@mvista.com) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri <vanusuri@mvista.com> Subject: [OE-core][dunfell][PATCH] qemu: Ignore multiple CVEs Date: Fri, 22 Mar 2024 09:03:44 +0530 Message-Id: <20240322033344.421681-1-vanusuri@mvista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell] qemu: Ignore multiple CVEs \| expand [dunfell] qemu: Ignore multiple CVEs

Message ID

20240322033344.421681-1-vanusuri@mvista.com

State

New

Headers

From: vanusuri@mvista.com
To: openembedded-core@lists.openembedded.org
Cc: Vijay Anusuri <vanusuri@mvista.com>
Subject: [OE-core][dunfell][PATCH] qemu: Ignore multiple CVEs
Date: Fri, 22 Mar 2024 09:03:44 +0530
Message-Id: <20240322033344.421681-1-vanusuri@mvista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell] qemu: Ignore multiple CVEs | expand

Commit Message

Vijay Anusuri March 22, 2024, 3:33 a.m. UTC

From: Vijay Anusuri <vanusuri@mvista.com>

* CVE-2023-6683: not affected, introduced in v6.1.0-rc0
* CVE-2023-6693: not affected, introduced in v5.1.0-rc0
* CVE-2023-42467: not affected, introduced in v7.1.0-rc0 & v7.1.0-rc2
* CVE-2024-24474: not affected, introduced in v6.0.0-rc0
* CVE-2024-26328: not affected, introduced in v7.0.0-rc0

Ref: https://security-tracker.debian.org/tracker/CVE-2023-6683
     https://security-tracker.debian.org/tracker/CVE-2023-6693
     https://security-tracker.debian.org/tracker/CVE-2023-42467
     https://security-tracker.debian.org/tracker/CVE-2024-24474
     https://security-tracker.debian.org/tracker/CVE-2024-26328

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 59ff69d51d..829c347fe3 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -176,6 +176,21 @@  CVE_CHECK_WHITELIST += "CVE-2023-2680"
 # Affected only `qemu-kvm` shipped with Red Hat Enterprise Linux 8.3 release.
 CVE_CHECK_WHITELIST += "CVE-2021-20295"
 
+# the issue introduced in v6.1.0-rc0
+CVE_CHECK_WHITELIST += "CVE-2023-6683"
+
+# the issue introduced in v5.1.0-rc0
+CVE_CHECK_WHITELIST += "CVE-2023-6693"
+
+# the issue introduced in v7.1.0-rc0 & v7.1.0-rc2
+CVE_CHECK_WHITELIST += "CVE-2023-42467"
+
+# the issue introduced in v6.0.0-rc0
+CVE_CHECK_WHITELIST += "CVE-2024-24474"
+
+# the issue introduced in v7.0.0-rc0
+CVE_CHECK_WHITELIST += "CVE-2024-26328"
+
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"

[dunfell] qemu: Ignore multiple CVEs

Commit Message

Patch