From 4b4c6f4a8a2a9944b6d56fbf33db7ecfb9b8a128 Mon Sep 17 00:00:00 2001
From: Davide Gardenal <davidegarde2000@gmail.com>
Date: Fri, 15 Jul 2022 15:35:15 +0200
Subject: freeradius: ignore patched CVEs

CVE-2002-0318 and CVE-2011-4966 are both patched in our version of
freeradius. The CPE in the NVD database doesn't reflect correctly
the vulnerable versions that's why they are incorrectly picked up.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
---
 meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index 453e514b67..d6477e340e 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -38,6 +38,11 @@ raddbdir="${sysconfdir}/${MLPREFIX}raddb"
 
 SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"
 
+CVE_CHECK_IGNORE = "\
+    CVE-2002-0318 \
+    CVE-2011-4966 \
+"
+
 PARALLEL_MAKE = ""
 
 S = "${WORKDIR}/git"
-- 
cgit v1.2.3-54-g00ecf