apache2: ignore CVE-1999-1237

This vulnerability is for Apache-AuthenSmb module. Fixed in 0.9, current version is 0.72. In any case, not part of Apache2 sources. [1] points to [2], which is archived under [3] [1] https://nvd.nist.gov/vuln/detail/CVE-1999-1237 [2] http://www.securityfocus.com/archive/1/14384 [3] https://web.archive.org/web/20020618143426/http://online.securityfocus.com/archive/1/14384 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-01 13:58:06 +00:00 · 2024-12-24 13:44:12 +01:00 · 2024-12-24 13:44:12 +01:00 · 59d3949e3e
commit 59d3949e3e
parent 6b96d4062d
1 changed files with 1 additions and 0 deletions
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb
@ -39,6 +39,7 @@ CVE_PRODUCT = "apache:http_server"

 CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version is not affected. It only applies for Windows"
 CVE_STATUS[CVE-1999-0678] = "not-applicable-platform: this CVE is for Debian packaging configuration"
+CVE_STATUS[CVE-1999-1237] = "cpe-incorrect: This is vulnerability of Apache AuthenSmb module, fixed in 0.9"
 CVE_STATUS[CVE-1999-1412] = "not-applicable-platform: this CVE is for MAC OS X specific problem"
 CVE_STATUS[CVE-2007-0086] = "disputed: this CVE is officially disputed by Redhat"
 CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version is not affected. It only applies for Windows."