On Thu, 2021-12-09 at 04:43 -1000, Steve Sakoman wrote: > On Thu, Dec 9, 2021 at 4:36 AM Tim Orling <tim.orl...@konsulko.com> wrote: > > > > > > > > On Thu, Dec 9, 2021 at 4:12 AM Marta Rybczynska <rybczyn...@gmail.com> > > wrote: > > > > > > On Thu, Dec 9, 2021 at 7:53 AM Tim Orling <ticot...@gmail.com> wrote: > > > > > > > > From: Richard Purdie <richard.pur...@linuxfoundation.org> > > > > > > > > The CVE applies to binutils 2.26 and not to gcc so ignore there. > > > > > > > > > > Tim, > > > Have you requested a NVD database change on this one? Or you prefer me to > > > do it? > > > > > I have not. I was simply back-porting the patch from Richard. > > It's always preferable to request a change to the database when it is > wrong. They are usually pretty responsive. > > I'll take the patch for now, and if/when they accept the update we can > remove the exception in master/dunfell.
This one is a little fuzzy. There is an entry for binutils there too and I didn't understand why there was an unversioned gcc entry there with it. It could be our CPE parsing isn't quite right. I may also be referring to gcc the project rather than the component. Regardless, I wanted it off our CVE list! Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#159453): https://lists.openembedded.org/g/openembedded-core/message/159453 Mute This Topic: https://lists.openembedded.org/mt/87607595/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-