nss: Whitelist CVEs related to libnssdbm

These CVEs only affect libnssdbm, compiled when --enable-legacy-db is used. https://bugzilla.mozilla.org/show_bug.cgi?id=1360782#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360778#c8 https://bugzilla.mozilla.org/show_bug.cgi?id=1360900#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360779#c9 Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-01 13:58:06 +00:00 · 2022-12-08 15:23:45 +01:00 · 2022-12-08 15:23:45 +01:00 · 90645db2fa
commit 90645db2fa
parent 8e0432fd54
1 changed files with 4 additions and 0 deletions
--- a/meta-oe/recipes-support/nss/nss_3.74.bb
+++ b/meta-oe/recipes-support/nss/nss_3.74.bb
@ -284,3 +284,7 @@ CVE_PRODUCT += "network_security_services"

 # CVE-2006-5201 affects only Sun Solaris
 CVE_CHECK_IGNORE += "CVE-2006-5201"
+
+# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect
+# the legacy db (libnssdbm), only compiled with --enable-legacy-db.
+CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698"