Hello,
May I ask what are you trying to achieve?
These entries fix incorrect CPE mapping so they are still needed.
So by removing these 7 CVE_STATUS entries via your 7 contributions, you are
marking the CVEs as relevant for the components.
Basically direct opposite of what your commit messages are saying.
Peter
-----Original Message-----
From: openembedded-devel@lists.openembedded.org
<openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via
lists.openembedded.org
Sent: Wednesday, April 10, 2024 17:05
To: openembedded-devel@lists.openembedded.org
Cc: Ninette Adhikari <nine...@thehoodiefirm.com>
Subject: [oe] [PATCH 1/1] exiv2: Update CVE-2007-6353 status
> Current version 0.28.0 is not affected by the issue.
> Affected version: < 0.13-r1
>
> Signed-off-by: Ninette Adhikari <nine...@thehoodiefirm.com>
> ---
> meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> index 958810cf7..ad99d0bf4 100644
> --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> @@ -10,6 +10,8 @@ SRC_URI[sha256sum] =
> "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103
> # inherit dos2unix
> S = "${WORKDIR}/${BP}-Source"
>
> +CVE_STATUS[CVE-2007-6353] = "cpe-incorrect: Current version 0.28.0 is not
> affected by the issue."
> +
> inherit cmake gettext
>
> do_install:append:class-target() {
> --
> 2.44.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#109905):
https://lists.openembedded.org/g/openembedded-devel/message/109905
Mute This Topic: https://lists.openembedded.org/mt/105443451/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
