From 50b6fb7d62831e763afae1ae91021bc2e74d2889 Mon Sep 17 00:00:00 2001
From: Mathieu Dubois-Briand <mbriand@witekio.com>
Date: Thu, 8 Dec 2022 15:23:45 +0100
Subject: nss: Whitelist CVEs related to libnssdbm

These CVEs only affect libnssdbm, compiled when --enable-legacy-db is
used.

https://bugzilla.mozilla.org/show_bug.cgi?id=1360782#c6
https://bugzilla.mozilla.org/show_bug.cgi?id=1360778#c8
https://bugzilla.mozilla.org/show_bug.cgi?id=1360900#c6
https://bugzilla.mozilla.org/show_bug.cgi?id=1360779#c9
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-support/nss/nss_3.51.1.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index 4a7485867c..0827780c25 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -295,3 +295,7 @@ CVE_PRODUCT += "network_security_services"
 
 # CVE-2006-5201 affects only Sun Solaris
 CVE_CHECK_WHITELIST += "CVE-2006-5201"
+
+# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect
+# the legacy db (libnssdbm), only compiled with --enable-legacy-db.
+CVE_CHECK_WHITELIST += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698"
-- 
cgit 1.2.3-korg