mirror of
https://git.yoctoproject.org/poky
synced 2026-02-28 20:39:39 +01:00
60ca60be6f
https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and also Debian considers it not a vulnerability: https://security-tracker.debian.org/tracker/CVE-2018-13410 http://seclists.org/fulldisclosure/2018/Jul/24 "Negligible security impact, would involve that a untrusted party controls the -TT value." https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this: https://security-tracker.debian.org/tracker/CVE-2018-13684 "NOT-FOR-US: smart contract implementation for ZIP" (From OE-Core rev: f0314a6937a63b3274bcd84817476834c1de876e) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>