From 59d3949e3ed673bd049aadfd2238213b550f1461 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Tue, 24 Dec 2024 13:44:12 +0100 Subject: [PATCH] apache2: ignore CVE-1999-1237 This vulnerability is for Apache-AuthenSmb module. Fixed in 0.9, current version is 0.72. In any case, not part of Apache2 sources. [1] points to [2], which is archived under [3] [1] https://nvd.nist.gov/vuln/detail/CVE-1999-1237 [2] http://www.securityfocus.com/archive/1/14384 [3] https://web.archive.org/web/20020618143426/http://online.securityfocus.com/archive/1/14384 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --- meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb index bba00fb95c..4db672c9ab 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb @@ -39,6 +39,7 @@ CVE_PRODUCT = "apache:http_server" CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version is not affected. It only applies for Windows" CVE_STATUS[CVE-1999-0678] = "not-applicable-platform: this CVE is for Debian packaging configuration" +CVE_STATUS[CVE-1999-1237] = "cpe-incorrect: This is vulnerability of Apache AuthenSmb module, fixed in 0.9" CVE_STATUS[CVE-1999-1412] = "not-applicable-platform: this CVE is for MAC OS X specific problem" CVE_STATUS[CVE-2007-0086] = "disputed: this CVE is officially disputed by Redhat" CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version is not affected. It only applies for Windows."