| Message ID | 20260303124558.1994637-1-skandigraun@gmail.com |
|---|---|
| State | New |
| Series | [meta-networking,kirkstone] opem-vm-tools: ignore multiple CVEs |
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb index 0e671b6557..3d3b2887bc 100644 --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb @@ -126,3 +126,13 @@ python() { if 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split(): raise bb.parse.SkipRecipe('Requires meta-filesystems to be present to provide fuse.') } + +# fixed since 9.10.2 +CVE_CHECK_IGNORE = "CVE-2014-4199" + +# fixed since 9.4.6 +CVE_CHECK_IGNORE += "CVE-2014-4200" + +# Windows-only vulnerability +CVE_CHECK_IGNORE += "CVE-2022-22943 CVE-2022-22977 CVE-2022-31693 CVE-2023-34057" +
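Review bot: The first added assignment, `CVE_CHECK_IGNORE = "CVE-2014-4199"`, uses `=` where the following lines use `+=`, so it replaces whatever the variable already held at that point instead of appending to it; use `+=` on that line too. Separately, the last added line ignores CVE-2023-34057 under the comment "Windows-only vulnerability", while the commit message's justification names CVE-2023-34059 and says it affects Windows and MacOS. Please reconcile the CVE ID between the recipe and the message, and word the comment to match the platforms the message states. The subject line also reads "opem-vm-tools" for the recipe name.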
Details:
https://nvd.nist.gov/vuln/detail/CVE-2014-4199
https://nvd.nist.gov/vuln/detail/CVE-2014-4200
https://nvd.nist.gov/vuln/detail/CVE-2022-22943
https://nvd.nist.gov/vuln/detail/CVE-2022-22977
https://nvd.nist.gov/vuln/detail/CVE-2022-31693
https://nvd.nist.gov/vuln/detail/CVE-2023-34057

The fixes for the first two vulnerabilities are already present in the used version. As identified by Red Hat:

CVE-2014-4199: it has been fixed since version 9.10.2[1]
CVE-2014-4200: it has been fixed since version 9.4.6[2]

CVE-2022-22943, CVE-2022-22977 and CVE-2022-31693 affect only Windows.
CVE-2023-34059 affects only Windows and MacOS.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4199
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4200

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

---
 .../open-vm-tools/open-vm-tools_11.3.5.bb | 10 ++++++++++
 1 file changed, 10 insertions(+)