c-ares: whitelist CVE-2023-31124

CVE-2023-31124 applies only when cross-compiling using autotools. Yocto cross-compiles via cmake which is also listed as official workaround. See: * https://nvd.nist.gov/vuln/detail/CVE-2023-31124 * https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-01 13:58:06 +00:00 · 2023-06-27 13:20:13 +05:30 · 2023-06-27 13:20:13 +05:30 · e5808a69cd
commit e5808a69cd
parent 8b5ce0d524
1 changed files with 4 additions and 0 deletions
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@ -23,3 +23,7 @@ PACKAGES =+ "${PN}-utils"
 FILES_${PN}-utils = "${bindir}"

 BBCLASSEXTEND = "native nativesdk"
+
+# this vulneribility applies only when cross-compiling using autotools
+# yocto cross-compiles via cmake which is also listed as official workaround
+CVE_CHECK_WHITELIST += "CVE-2023-31124"