Build: mark remaining CVEs reported by cve_check as mitigated or ignored
After the last library update, cve_check still reported some false positives. One GMP issue was mitigated with a patch in the library update. The others are ignored, with a description explaining why they do not affect Blender. Ref D16269, T101403
parent
2fb0640740
commit
da0d699d92
|
@ -27,10 +27,12 @@ get_cmake_property(_variableNames VARIABLES)
|
|||
foreach (_variableName ${_variableNames})
|
||||
if(_variableName MATCHES "CPE$")
|
||||
string(REPLACE ":" ";" CPE_LIST ${${_variableName}})
|
||||
string(REPLACE "_CPE" "_ID" CPE_DEPNAME ${_variableName})
|
||||
list(GET CPE_LIST 3 CPE_VENDOR)
|
||||
list(GET CPE_LIST 4 CPE_NAME)
|
||||
list(GET CPE_LIST 5 CPE_VERSION)
|
||||
set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}\n")
|
||||
set(${CPE_DEPNAME} "${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}")
|
||||
set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION},,,\n")
|
||||
endif()
|
||||
endforeach()
|
||||
configure_file(${CMAKE_SOURCE_DIR}/cmake/cve_check.csv.in ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv @ONLY)
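Review bot: The added `string(REPLACE "_CPE" "_ID" CPE_DEPNAME ${_variableName})` rewrites every `_CPE` in the variable name, while the guard above it accepts any name that merely ends in `CPE`, so the derived name is not guaranteed to be `<DEP>_ID`. A name ending in `CPE` without the underscore comes back unchanged, and the following `set(${CPE_DEPNAME} ...)` then overwrites the CPE variable itself. A derived name the template does not expect leaves its `@..._ID@` placeholder empty under `@ONLY`, producing a triage row with no vendor, product or version. Anchoring both sides would close this: `if(_variableName MATCHES "_CPE$")` and `string(REGEX REPLACE "_CPE$" "_ID" CPE_DEPNAME "${_variableName}")`.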
|
||||
|
|
|
@ -1,2 +1,23 @@
|
|||
vendor,product,version
|
||||
vendor,product,version,cve_number,remarks,comment
|
||||
@OPENJPEG_ID@,CVE-2016-9675,Ignored,issue in convert command line tool not used by blender
|
||||
@PYTHON_ID@,CVE-2009-2940,Ignored,issue in pygresql not used by blender
|
||||
@PYTHON_ID@,CVE-2020-29396,Ignored,issue in odoo not used by blender
|
||||
@PYTHON_ID@,CVE-2021-32052,Ignored,issue in django not used by blender
|
||||
@PYTHON_ID@,CVE-2009-3720,Ignored,already fixed in libexpat version used
|
||||
@SSL_ID@,CVE-2009-1390,Ignored,issue in mutt not used by blender
|
||||
@SSL_ID@,CVE-2009-3765,Ignored,issue in mutt not used by blender
|
||||
@SSL_ID@,CVE-2009-3766,Ignored,issue in mutt not used by blender
|
||||
@SSL_ID@,CVE-2009-3767,Ignored,issue in ldap not used by blender
|
||||
@SSL_ID@,CVE-2019-0190,Ignored,issue in apache not used by blender
|
||||
@TIFF_ID@,CVE-2022-2056,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-2057,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-2058,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-2519,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-2520,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-2521,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-2953,Ignored,issue in tiff command line tool not used by blender
|
||||
@TIFF_ID@,CVE-2022-34526,Ignored,issue in tiff command line tool not used by blender
|
||||
@XML2_ID@,CVE-2016-3709,Ignored,not affecting blender and not considered a security issue upstream
|
||||
@GMP_ID@,CVE-2021-43618,Mitigated,patched using upstream commit 561a9c25298e
|
||||
@SQLITE_ID@,CVE-2022-35737,Ignored,only affects SQLITE_ENABLE_STAT4 compile option not used by blender or python
|
||||
@SBOMCONTENTS@
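Review bot: Every row's `@<DEP>_ID@` prefix expands to whatever vendor, product and version the build currently configures, so these Ignored and Mitigated marks follow each future library update instead of staying tied to the version that was triaged. That matters most for the rows whose justification is version- or patch-specific, `CVE-2009-3720` ("already fixed in libexpat version used") and `CVE-2021-43618` ("patched using upstream commit 561a9c25298e"): if the bundled libexpat or the GMP patch changes, the row would presumably still suppress the finding. Recording the triaged version in the comment column makes a stale row visible at the next update, for example `@GMP_ID@,CVE-2021-43618,Mitigated,patched using upstream commit 561a9c25298e (triaged against <TRIAGED_VERSION>)`, where `<TRIAGED_VERSION>` is a placeholder for the version reviewed.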
|
||||
|
|