emlog: ignore unrelated CVEs

This product is not present in the NVD database but another one with exactly the same name is in fact present. For that reason cve-check is outputting CVEs that are unrelated so they can be ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Davide Gardenal <davidegarde2000@gmail.com> 2022-07-04 11:40:55 +0200
committer: Khem Raj <raj.khem@gmail.com> 2022-07-06 00:08:14 -0400
commit: eaf1ea2e1fe9201af66426cdab0ae680362fbf83 (patch)
tree: 2e0078a6e06cb2b74a3c3cfd9a9f934baf6cafa8 /meta-oe
parent: 19061fea1586fc259a2dfdcb61fc4235307dc6b4 (diff)
download: meta-openembedded-contrib-eaf1ea2e1fe9201af66426cdab0ae680362fbf83.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb
index be9ae58232..05fa0c334c 100644
--- a/meta-oe/recipes-core/emlog/emlog_git.bb
+++ b/meta-oe/recipes-core/emlog/emlog_git.bb
@@ -24,3 +24,14 @@ do_install() {
 }
 
 RRECOMMENDS:${PN} += "kernel-module-emlog"
+
+# The NVD database doesn't have a CPE for this product,
+# the name of this product is exactly the same as github.com/emlog/emlog
+# but it's not related in any way. The following CVEs are from that project
+# so they can be safely ignored
+CVE_CHECK_IGNORE += "\
+    CVE-2019-16868 \
+    CVE-2019-17073 \
+    CVE-2021-44584 \
+    CVE-2022-1526 \
+"
author	Davide Gardenal <davidegarde2000@gmail.com>	2022-07-04 11:40:55 +0200
committer	Khem Raj <raj.khem@gmail.com>	2022-07-06 00:08:14 -0400
commit	eaf1ea2e1fe9201af66426cdab0ae680362fbf83 (patch)
tree	2e0078a6e06cb2b74a3c3cfd9a9f934baf6cafa8 /meta-oe
parent	19061fea1586fc259a2dfdcb61fc4235307dc6b4 (diff)
download	meta-openembedded-contrib-eaf1ea2e1fe9201af66426cdab0ae680362fbf83.tar.gz