OpenEmbedded Core user contribution treesGrokmirror user
summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPurushottam Choudhary <Purushottam.Choudhary@kpit.com>2021-03-03 16:20:38 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-03-06 22:36:34 +0000
commitb1c6cd87bee6b019619dc5728fd6c36bc87ed696 (patch)
tree055f1ee36502c8b188ff7f9750be89944a516848
parent1b344399b907b04b561bb25950db28b82a13856c (diff)
downloadopenembedded-core-contrib-b1c6cd87bee6b019619dc5728fd6c36bc87ed696.tar.gz
shadow: whitelist CVE-2013-4235
This CVE is about TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees which had very low severity problem and marked as closed and won't fix. Therefore whitelisted CVE-2013-4235. Master, gatesgarth and dunfell all have shadow version 4.81. Hence, this is applicable for master, gatesgarth and dunfell. Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658 Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-extended/shadow/shadow_4.8.1.bb5
1 files changed, 3 insertions, 2 deletions
diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb b/meta/recipes-extended/shadow/shadow_4.8.1.bb
index c975395ff8..ff4aad926f 100644
--- a/meta/recipes-extended/shadow/shadow_4.8.1.bb
+++ b/meta/recipes-extended/shadow/shadow_4.8.1.bb
@@ -6,5 +6,6 @@ BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p
BBCLASSEXTEND = "native nativesdk"
-
-
+# Severity is low and marked as closed and won't fix.
+# https://bugzilla.redhat.com/show_bug.cgi?id=884658
+CVE_CHECK_WHITELIST += "CVE-2013-4235"