zip: whitelist CVE-2018-13410 and CVE-2018-13684 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Mikko Rapeli <mikko.rapeli@bmw.de>	2021-01-15 19:05:44 +0200
committer	Anuj Mittal <anuj.mittal@intel.com>	2021-01-19 11:18:20 +0800
commit	f0314a6937a63b3274bcd84817476834c1de876e (patch)
tree	4035dbbb419210d34f472aa0b5debcfbc3c3d962 /meta/files
parent	c7bf9aebd002fc6bc23a57bc5e9863382bd17ae7 (diff)
download	openembedded-core-contrib-f0314a6937a63b3274bcd84817476834c1de876e.tar.gz

zip: whitelist CVE-2018-13410 and CVE-2018-13684

https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and also Debian considers it not a vulnerability: https://security-tracker.debian.org/tracker/CVE-2018-13410 http://seclists.org/fulldisclosure/2018/Jul/24 "Negligible security impact, would involve that a untrusted party controls the -TT value." https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this: https://security-tracker.debian.org/tracker/CVE-2018-13684 "NOT-FOR-US: smart contract implementation for ZIP" Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

Diffstat (limited to 'meta/files')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: