aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSana Kazi <Sana.Kazi@kpit.com>2021-03-09 12:08:56 +0530
committerArmin Kuster <akuster808@gmail.com>2021-03-11 21:13:43 -0800
commitfee2024d74e0262c3140f6ad004ce751a4915ec4 (patch)
tree232cc24c095d3d0b873421af01e61aa3e0d69426
parentbe89766e7b1e79e95e44fae5f43f002df79555e9 (diff)
downloadmeta-openembedded-fee2024d74e0262c3140f6ad004ce751a4915ec4.tar.gz
meta-openembedded-fee2024d74e0262c3140f6ad004ce751a4915ec4.tar.bz2
meta-openembedded-fee2024d74e0262c3140f6ad004ce751a4915ec4.zip
mdns: Whitelisted CVE-2007-0613 for mdns
CVE-2007-0613 is not applicable as it only affects Apple products i.e. ichat,mdnsresponder, instant message framework and MacOS. Also, https://www.exploit-db.com/exploits/3230 shows the part of code affected by CVE-2007-0613 which is not preset in upstream source code. Hence, CVE-2007-0613 does not affect other Yocto implementations and is not reported for other distros can be marked whitelisted. Links: https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 https://security-tracker.debian.org/tracker/CVE-2007-0613 https://ubuntu.com/security/CVE-2007-0613 https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f37e5423da984b7dc721d52f04673d3afc0879a1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb13
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb
index 086b40869..d00c8bbfd 100644
--- a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb
+++ b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb
@@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "b86f4816b4145915198e7c5bf0bc56dbbfd960e9a4518bb6486baa40cd
CVE_PRODUCT = "apple:mdnsresponder"
+# CVE-2007-0613 is not applicable as it only affects Apple products
+# i.e. ichat,mdnsresponder, instant message framework and MacOS.
+# Also, https://www.exploit-db.com/exploits/3230 shows the part of code
+# affected by CVE-2007-0613 which is not preset in upstream source code.
+# Hence, CVE-2007-0613 does not affect other Yocto implementations and
+# is not reported for other distros can be marked whitelisted.
+# Links:
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613
+# https://security-tracker.debian.org/tracker/CVE-2007-0613
+# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
+CVE_CHECK_WHITELIST += "CVE-2007-0613"
+
PARALLEL_MAKE = ""
S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"