mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-14 17:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

shadow: whitelist CVE-2013-4235

Browse Source 
This CVE is about TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees
which had very low severity problem and marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658

(From OE-Core rev: b1c6cd87bee6b019619dc5728fd6c36bc87ed696)

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Purushottam Choudhary
2021-03-03 16:20:38 +05:30
committed by Richard Purdie
parent a595ac00c9
commit cc300fb849
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
meta/recipes-extended/shadow/shadow_4.8.1.bb
View File

@@ -6,5 +6,6 @@ BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p
BBCLASSEXTEND = "native nativesdk"
# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
CVE_CHECK_WHITELIST += "CVE-2013-4235"