mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

meta: Update CVE_STATUS for incorrect cpes

Browse Source 
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.

(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Simone Weiß
2024-02-18 22:32:32 +00:00
committed by Richard Purdie
parent 5e21c5d64e
commit 2bcd651a08
4 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-bsp/grub/grub2.inc
View File

@@ -27,6 +27,8 @@ CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
CVE_STATUS[CVE-2023-4001] = "not-applicable-platform: Applies only to RHEL/Fedora"
CVE_STATUS[CVE-2024-1048] = "not-applicable-platform: Applies only to RHEL/Fedora"
CVE_STATUS[CVE-2023-4692] = "cpe-incorrect: Fixed in version 2.12 already"
CVE_STATUS[CVE-2023-4693] = "cpe-incorrect: Fixed in version 2.12 already"
DEPENDS = "flex-native bison-native gettext-native"

2
meta/recipes-devtools/binutils/binutils-2.42.inc
View File

@@ -18,6 +18,8 @@ SRCBRANCH ?= "binutils-2_42-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier"
SRCREV ?= "553c7f61b74badf91df484450944675efd9cd485"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
SRC_URI = "\

1
meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
View File

@@ -73,3 +73,4 @@ COMPATIBLE_HOST = "^(?!arc).*"
CVE_PRODUCT = "ghostscript gpl_ghostscript"
CVE_STATUS[CVE-2023-38560] = "not-applicable-config: PCL isn't part of the Ghostscript release"
CVE_STATUS[CVE-2023-38559] = "cpe-incorrect: Issue only appears in versions before 10.02.0"

1
meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
View File

@@ -24,6 +24,7 @@ SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4
UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"
inherit autotools multilib_header