On Sun, 2024-02-18 at 17:42 +0000, Richard Purdie wrote: > On Sun, 2024-02-18 at 16:52 +0000, Simone Weiß wrote: > > From: Simone Weiß <simone.p.we...@posteo.com> > > > > All are already fixed in 8.2.1, NVD was informed that cpes are wrong. > > > > Signed-off-by: Simone Weiß <simone.p.we...@posteo.com> > > --- > > meta/recipes-devtools/qemu/qemu.inc | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes- > > devtools/qemu/qemu.inc > > index 5d953e5ef5..233652fc49 100644 > > --- a/meta/recipes-devtools/qemu/qemu.inc > > +++ b/meta/recipes-devtools/qemu/qemu.inc > > @@ -68,6 +68,12 @@ CVE_STATUS[CVE-2023-0664] = "not-applicable- > > platform: Issue only applies on Wind > > # As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 > > CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific > > issue." > > > > +CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies against versions > > > 8.2.0 only" > > + > > +CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies against versions > > >= 8.2.0 only" > > + > > +CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies against versions > > >= 8.2.0 only" > > + > > COMPATIBLE_HOST:mipsarchn32 = "null" > > COMPATIBLE_HOST:mipsarchn64 = "null" > > COMPATIBLE_HOST:riscv32 = "null" > > > > Thanks for trying to resolve these. > > I'm struggling a little to read the above since to me that says the CVE > applies to versions greater than 8.2.0 so 8.2.1 would be affected? > Should the operators be the other way around, or should we spell it out > ("applies to versions 8.2.0 and earlier")? > > Cheers, > > Richard I'll spell it out > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#195844): https://lists.openembedded.org/g/openembedded-core/message/195844 Mute This Topic: https://lists.openembedded.org/mt/104430283/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-