mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

gnupg: mark CVE-2025-30258 as patched

Browse Source 
Per NVD report [1] this CVE is fixed by [2].
This commit was backported to 2.4.8 via [3].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-30258
[2] https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
[3] da0164efc7

(From OE-Core rev: 88fe1eaa4bcd7c838902d8cdc067276c5f32624d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-10-14 23:34:23 +02:00
committed by Steve Sakoman
parent 2f86700da6
commit f0bbacca46
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta/recipes-support/gnupg/gnupg_2.4.8.bb
View File

@@ -82,3 +82,4 @@ BBCLASSEXTEND = "native nativesdk"
lcl_maybe_fortify:mipsarch = "" lcl_maybe_fortify:mipsarch = ""
CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993" CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"
CVE_STATUS[CVE-2025-30258] = "cpe-stable-backport: fir for this CVE was backported to version 2.4.8"