mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-22 15:32:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

git: Ignore CVE-2022-24975

Browse Source 
Everyone I've talked to doesn't see this as a major issue. The CVE
asks for a documentation improvement on the --mirror option to
git clone as deleted content could be leaked into a mirror. For OE's
general users/use cases, we wouldn't build or ship docs so this wouldn't
affect us.

(From OE-Core rev: 5dfe2dd5482c9a446f8e722fe51903d205e6770d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Richard Purdie
2022-04-12 11:21:13 +01:00
parent 45afc335d3
commit c362c7feef
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
meta/recipes-devtools/git/git_2.35.1.bb
View File

@@ -18,6 +18,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1"
CVE_PRODUCT = "git-scm:git"
# This is about a manpage not mentioning --mirror may "leak" information
# in mirrored git repos. Most OE users wouldn't build the docs and
# we don't see this as a major issue for our general users/usecases.
CVE_CHECK_IGNORE += "CVE-2022-24975"
PACKAGECONFIG ??= "expat curl"
PACKAGECONFIG[cvsserver] = ""
PACKAGECONFIG[svn] = ""