diff options
| author | Sana Kazi <Sana.Kazi@kpit.com> | 2021-03-09 12:08:56 +0530 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2021-03-11 21:13:43 -0800 |
| commit | fee2024d74e0262c3140f6ad004ce751a4915ec4 (patch) | |
| tree | 232cc24c095d3d0b873421af01e61aa3e0d69426 | |
| parent | be89766e7b1e79e95e44fae5f43f002df79555e9 (diff) | |
| download | meta-openembedded-fee2024d74e0262c3140f6ad004ce751a4915ec4.tar.gz | |
mdns: Whitelisted CVE-2007-0613 for mdns
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb index 086b408692..d00c8bbfd9 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb | |||
| @@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "b86f4816b4145915198e7c5bf0bc56dbbfd960e9a4518bb6486baa40cd | |||
| 27 | 27 | ||
| 28 | CVE_PRODUCT = "apple:mdnsresponder" | 28 | CVE_PRODUCT = "apple:mdnsresponder" |
| 29 | 29 | ||
| 30 | # CVE-2007-0613 is not applicable as it only affects Apple products | ||
| 31 | # i.e. ichat,mdnsresponder, instant message framework and MacOS. | ||
| 32 | # Also, https://www.exploit-db.com/exploits/3230 shows the part of code | ||
| 33 | # affected by CVE-2007-0613 which is not preset in upstream source code. | ||
| 34 | # Hence, CVE-2007-0613 does not affect other Yocto implementations and | ||
| 35 | # is not reported for other distros can be marked whitelisted. | ||
| 36 | # Links: | ||
| 37 | # https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 | ||
| 38 | # https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 | ||
| 39 | # https://security-tracker.debian.org/tracker/CVE-2007-0613 | ||
| 40 | # https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 | ||
| 41 | CVE_CHECK_WHITELIST += "CVE-2007-0613" | ||
| 42 | |||
| 30 | PARALLEL_MAKE = "" | 43 | PARALLEL_MAKE = "" |
| 31 | 44 | ||
| 32 | S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" | 45 | S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" |