Hi Peter, Thanks so much for your response. Many apologies for the confusion, I was trying to follow the example here <https://git.yoctoproject.org/poky/commit/?id=378bc2f8e3ac393d89a6d2e52094478fb3879ef7> to report a CVE issue but clearly I chose an incorrect classification.
I meant to say that the 7 CVEs are invalid or not relevant any more. I can make new patches marking them as "cve-invalid" instead of "cpe-incorrect". Would that be okay? Let me know. Thanks again! Ninette On Wed, Apr 10, 2024 at 6:54 PM Marko, Peter <peter.ma...@siemens.com> wrote: > Hello, > > May I ask what are you trying to achieve? > These entries fix incorrect CPE mapping so they are still needed. > So by removing these 7 CVE_STATUS entries via your 7 contributions, you > are marking the CVEs as relevant for the components. > Basically direct opposite of what your commit messages are saying. > > Peter > > -----Original Message----- > From: openembedded-devel@lists.openembedded.org < > openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari > via lists.openembedded.org > Sent: Wednesday, April 10, 2024 17:05 > To: openembedded-devel@lists.openembedded.org > Cc: Ninette Adhikari <nine...@thehoodiefirm.com> > Subject: [oe] [PATCH 1/1] exiv2: Update CVE-2007-6353 status > > > Current version 0.28.0 is not affected by the issue. > > Affected version: < 0.13-r1 > > > > Signed-off-by: Ninette Adhikari <nine...@thehoodiefirm.com> > > --- > > meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > > index 958810cf7..ad99d0bf4 100644 > > --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > > +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb > > @@ -10,6 +10,8 @@ SRC_URI[sha256sum] = > "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103 > > # inherit dos2unix > > S = "${WORKDIR}/${BP}-Source" > > > > +CVE_STATUS[CVE-2007-6353] = "cpe-incorrect: Current version 0.28.0 is > not affected by the issue." > > + > > inherit cmake gettext > > > > do_install:append:class-target() { > > -- > > 2.44.0 > > -- Ninette Adhikari Software developer The Neighbourhoodie Software GmbH Harzer Straße 39, 12059 Berlin neighbourhood.ie Handelsregister HRB 157851 B Amtsgericht Charlottenburg Geschäftsführung: Jan Lehnardt, Simone Haas
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#109921): https://lists.openembedded.org/g/openembedded-devel/message/109921 Mute This Topic: https://lists.openembedded.org/mt/105443451/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-