From: Peter Marko <[email protected]>

It is unclear why entries in cvelistV5 cause these CVEs to appear in CVE reports. There is one which should also not be shown per listed CPEs, however it does not have a patch, so it's not added to the list - CVE-2024-52005. The others are set to fixed with version based on which .0 release included patch mentioned in Debian security tracker for respective CVE.

Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 139e4e6f17da181eee029c81ea17b847e9cc559e) Signed-off-by: Yoann Congal <[email protected]> --- meta/recipes-devtools/git/git_2.53.0.bb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-devtools/git/git_2.53.0.bb b/meta/recipes-devtools/git/git_2.53.0.bb index 5fe1767e285..8d71905f419 100644 --- a/meta/recipes-devtools/git/git_2.53.0.bb +++ b/meta/recipes-devtools/git/git_2.53.0.bb @@ -171,3 +171,9 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ EXTRA_OEMAKE += "NO_GETTEXT=1" SRC_URI[tarball.sha256sum] = "429dc0f5fe5f14109930cdbbb588c5d6ef5b8528910f0d738040744bebdc6275" + +CVE_STATUS[CVE-2024-32002] = "fixed-version: fixed since v2.46.0" +CVE_STATUS[CVE-2024-50349] = "fixed-version: fixed since v2.49.0" +CVE_STATUS[CVE-2024-52006] = "fixed-version: fixed since v2.49.0" +CVE_STATUS[CVE-2025-48385] = "fixed-version: fixed since v2.51.0" +CVE_STATUS[CVE-2025-48386] = "fixed-version: fixed since v2.51.0"
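
Review bot: The five CVE_STATUS lines appended after SRC_URI[tarball.sha256sum] carry no comment saying where the "fixed since" versions come from, so the rationale lives only in the commit message and will be lost to anyone reading git_2.53.0.bb later or carrying the block through a version bump. A short comment above the block would help, stating that each version is the first .0 release containing the patch referenced in the Debian security tracker for that CVE, and that CVE-2024-52005 is intentionally left out because it has no patch. The commit message also says it is unclear why the cvelistV5 entries make these CVEs appear in reports. Since that cause is not identified, the comment should say that these entries override the report output rather than correct the underlying data, so that they can be re-checked or dropped once the cause is understood.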
View/Reply Online (#236656): https://lists.openembedded.org/g/openembedded-core/message/236656
