diff mbox series

[kirkstone,1/5] cpio: ignore CVE-2023-7216

Message ID 20241201185337.2675566-2-peter.marko@siemens.com
State Under Review
Delegated to: Steve Sakoman
Headers show
Series CVE list cleanup | expand

Commit Message

Marko, Peter Dec. 1, 2024, 6:53 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Same was done in newer Yocto releases.
See commit See commit 0f2cd2bbaddba3b8c80d71db274bbcd941d0e60e

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-extended/cpio/cpio_2.14.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-extended/cpio/cpio_2.14.bb b/meta/recipes-extended/cpio/cpio_2.14.bb
index c0b97ee166..0fbab82cca 100644
--- a/meta/recipes-extended/cpio/cpio_2.14.bb
+++ b/meta/recipes-extended/cpio/cpio_2.14.bb
@@ -16,6 +16,8 @@  inherit autotools gettext texinfo
 
 # Issue applies to use of cpio in SUSE/OBS, doesn't apply to us
 CVE_CHECK_IGNORE += "CVE-2010-4226"
+# disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
+CVE_CHECK_IGNORE += "CVE-2023-7216"
 
 EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"