MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 20:59:41 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

skopeo: Mark CVE-2019-10214 as fixed

Browse Source 
This CVE was fixed[1] in the container image go library skopeo is using
(vendoring). The current version of the image go module is v5.20.0 while
the fix landed since v3.0.0[2].

See RedHat's resolution[3] for more details.

[1] https://github.com/containers/image/issues/654
[2] a3d69a4a89
[3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This commit is contained in:
Andrei Gherzan 2022-08-25 19:32:26 +02:00 committed by Bruce Ashfield
parent d55da717eb
commit 538e94e674
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
recipes-containers/skopeo/skopeo_git.bb
View File

@ -34,6 +34,12 @@ S = "${WORKDIR}/git"
inherit goarch
inherit pkgconfig
# This CVE was fixed in the container image go library skopeo is using.
# See:
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
# https://github.com/containers/image/issues/654
CVE_CHECK_IGNORE += "CVE-2019-10214"
# This disables seccomp and apparmor, which are on by default in the
# go package.
EXTRA_OEMAKE="BUILDTAGS=''"