On 1/22/25 00:41, Marko, Peter wrote:
This is not correct.
The patch CVE-2024-3596_00 does not fix any part of that CVE.
As the commit message says, it's a style commit so that real CVE patches apply
cleanly.
If it bothers you that it has CVE in filename but no CVE, maybe rename it
instead adding incorrect tag?
The cve patches can't be applied without it, may we should just leave it as the
current status.
// Robert
Peter
-----Original Message-----
From: [email protected] <openembedded-
[email protected]> On Behalf Of Robert Yang via
lists.openembedded.org
Sent: Monday, January 20, 2025 7:01
To: [email protected]
Subject: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-
2024-3596_00.patch
From: Robert Yang <[email protected]>
Signed-off-by: Robert Yang <[email protected]>
---
.../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-
supplicant/CVE-2024-3596_00.patch
index 7a8197d2b4..58e1327f2b 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
3596_00.patch
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
3596_00.patch
@@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup -
no string
Signed-off-by: Jouni Malinen <[email protected]>
+CVE: CVE-2024-3596
Upstream-Status: Backport
[https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac
432d1]
Signed-off-by: Peter Marko <[email protected]>
---
--
2.44.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#210135):
https://lists.openembedded.org/g/openembedded-core/message/210135
Mute This Topic: https://lists.openembedded.org/mt/110710911/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
