diff options
| author |   Sana Kazi <Sana.Kazi@kpit.com> | 2021-03-09 12:08:56 +0530 |
|---|---|---|
| committer |   Khem Raj <raj.khem@gmail.com> | 2021-03-08 22:44:45 -0800 |
| commit | f37e5423da984b7dc721d52f04673d3afc0879a1 (patch) | |
| tree | 0fd72b611e71763dc326db215272a483b5fd5e3f /meta-networking/recipes-protocols | |
| parent | e352b5bda731060894575bf8c768f50c203fb548 (diff) | |
| download | meta-openembedded-f37e5423da984b7dc721d52f04673d3afc0879a1.tar.gz | |
mdns: Whitelisted CVE-2007-0613 for mdns
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does not affect other Yocto implementations and
is not reported for other distros can be marked whitelisted.
Links:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
https://security-tracker.debian.org/tracker/CVE-2007-0613
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking/recipes-protocols')
| -rw-r--r-- | meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb index 445ed87e4c..60bc26bf17 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1310.40.42.bb @@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "bea29e1616cd56ccb8f88c0fad2bcdc4031f4deb2d899c793e2f27a838 CVE_PRODUCT = "apple:mdnsresponder" +# CVE-2007-0613 is not applicable as it only affects Apple products +# i.e. ichat,mdnsresponder, instant message framework and MacOS. +# Also, https://www.exploit-db.com/exploits/3230 shows the part of code +# affected by CVE-2007-0613 which is not preset in upstream source code. +# Hence, CVE-2007-0613 does not affect other Yocto implementations and +# is not reported for other distros can be marked whitelisted. +# Links: +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 +# https://security-tracker.debian.org/tracker/CVE-2007-0613 +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +CVE_CHECK_WHITELIST += "CVE-2007-0613" + PARALLEL_MAKE = "" S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" |