zip: whitelist CVE-2018-13410 and CVE-2018-13684 - linux/poky.git

diff options

author	Mikko Rapeli <mikko.rapeli@bmw.de>	2021-01-15 19:05:44 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-01-16 22:39:36 +0000
commit	615cb60fd4e3f71293f7debb9dd19a183437ad4d (patch)
tree	3c2f7c9ed1afa96018cf74224eb3b4c2790d55be /documentation/ref-manual/examples/hello-single
parent	93543e99605684d65125859ce1104ea74e2452cf (diff)
download	poky-615cb60fd4e3f71293f7debb9dd19a183437ad4d.tar.gz

zip: whitelist CVE-2018-13410 and CVE-2018-13684

https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and also Debian considers it not a vulnerability: https://security-tracker.debian.org/tracker/CVE-2018-13410 http://seclists.org/fulldisclosure/2018/Jul/24 "Negligible security impact, would involve that a untrusted party controls the -TT value." https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this: https://security-tracker.debian.org/tracker/CVE-2018-13684 "NOT-FOR-US: smart contract implementation for ZIP" (From OE-Core rev: 06b72a91b6dcf63fed437fd2105c59e922ba6525) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'documentation/ref-manual/examples/hello-single')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: