From: Peter Marko <[email protected]> Current version of sbom-cve-check reports this for some reason. NVD does not have CPE and cvelistV5 ([1]) says "lessThan": "70.0".
[1] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/6xxx/CVE-2024-6345.json Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 8d03ae7b6e25c4ef3953c3fe49ca0c939296d222) Signed-off-by: Yoann Congal <[email protected]> --- meta/recipes-devtools/python/python3-setuptools_82.0.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb b/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb index a3943a29c39..c413578faf5 100644 --- a/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb +++ b/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb @@ -49,3 +49,5 @@ BBCLASSEXTEND = "native nativesdk" # This used to use the bootstrap install which didn't compile. Until we bump the # tmpdir version we can't compile the native otherwise the sysroot unpack fails INSTALL_WHEEL_COMPILE_BYTECODE:class-native = "--no-compile-bytecode" + +CVE_STATUS[CVE-2024-6345] = "fixed-version: fixed since 70.0"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236645): https://lists.openembedded.org/g/openembedded-core/message/236645 Mute This Topic: https://lists.openembedded.org/mt/119210602/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
