diff mbox series

[meta-oe,kirkstone] c-ares: ignore CVE-2023-31124

Message ID 20230612110029.7522-1-peter.marko@siemens.com
State New
Headers show
Series [meta-oe,kirkstone] c-ares: ignore CVE-2023-31124 | expand

Commit Message

Marko, Peter June 12, 2023, 11 a.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

CVE-2023-31124 applies only when cross-compiling using autotools.
Yocto cross-compiles via cmake which is also listed as official workaround.

See:
* https://nvd.nist.gov/vuln/detail/CVE-2023-31124
* https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 4 ++++
 1 file changed, 4 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 5614d1310..180e2f3e9 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -21,3 +21,7 @@  PACKAGES =+ "${PN}-utils"
 FILES:${PN}-utils = "${bindir}"
 
 BBCLASSEXTEND = "native nativesdk"
+
+# this vulneribility applies only when cross-compiling using autotools
+# yocto cross-compiles via cmake which is also listed as official workaround
+CVE_CHECK_IGNORE += "CVE-2023-31124"