Hello, May I ask what are you trying to achieve? These entries fix incorrect CPE mapping so they are still needed. So by removing these 7 CVE_STATUS entries via your 7 contributions, you are marking the CVEs as relevant for the components. Basically direct opposite of what your commit messages are saying.
Peter -----Original Message----- From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Wednesday, April 10, 2024 17:05 To: openembedded-devel@lists.openembedded.org Cc: Ninette Adhikari <nine...@thehoodiefirm.com> Subject: [oe] [PATCH 1/1] exiv2: Update CVE-2007-6353 status > Current version 0.28.0 is not affected by the issue. > Affected version: < 0.13-r1 > > Signed-off-by: Ninette Adhikari <nine...@thehoodiefirm.com> > --- > meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > index 958810cf7..ad99d0bf4 100644 > --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > @@ -10,6 +10,8 @@ SRC_URI[sha256sum] = > "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103 > # inherit dos2unix > S = "${WORKDIR}/${BP}-Source" > > +CVE_STATUS[CVE-2007-6353] = "cpe-incorrect: Current version 0.28.0 is not > affected by the issue." > + > inherit cmake gettext > > do_install:append:class-target() { > -- > 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#109905): https://lists.openembedded.org/g/openembedded-devel/message/109905 Mute This Topic: https://lists.openembedded.org/mt/105443451/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-