From 538e94e674dc1be0b0fee5da54083ca040b2f7b9 Mon Sep 17 00:00:00 2001 From: Andrei Gherzan Date: Thu, 25 Aug 2022 19:32:26 +0200 Subject: skopeo: Mark CVE-2019-10214 as fixed This CVE was fixed[1] in the container image go library skopeo is using (vendoring). The current version of the image go module is v5.20.0 while the fix landed since v3.0.0[2]. See RedHat's resolution[3] for more details. [1] https://github.com/containers/image/issues/654 [2] https://github.com/containers/image/pull/669/commits/a3d69a4a89244803d2f5350aca6dd0fcbe444551 [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214 Signed-off-by: Andrei Gherzan Signed-off-by: Bruce Ashfield --- recipes-containers/skopeo/skopeo_git.bb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'recipes-containers/skopeo') diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb index 9d19675d..d426b4f8 100644 --- a/recipes-containers/skopeo/skopeo_git.bb +++ b/recipes-containers/skopeo/skopeo_git.bb @@ -34,6 +34,12 @@ S = "${WORKDIR}/git" inherit goarch inherit pkgconfig +# This CVE was fixed in the container image go library skopeo is using. +# See: +# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214 +# https://github.com/containers/image/issues/654 +CVE_CHECK_IGNORE += "CVE-2019-10214" + # This disables seccomp and apparmor, which are on by default in the # go package. EXTRA_OEMAKE="BUILDTAGS=''" -- cgit v1.2.3-54-g00ecf