Re: [oe] [PATCH 1/1] exiv2: Update CVE-2007-6353 status

[Ninette Adhikari]

Hi Peter,

Thanks so much for your response. Many apologies for the confusion, I was
trying to follow the example here
<https://git.yoctoproject.org/poky/commit/?id=378bc2f8e3ac393d89a6d2e52094478fb3879ef7>
to report a CVE issue but clearly I chose an incorrect classification.

I meant to say that the 7 CVEs are invalid or not relevant any more. I can
make new patches marking them as "cve-invalid" instead of "cpe-incorrect".
Would that be okay? Let me know.

Thanks again!
Ninette

On Wed, Apr 10, 2024 at 6:54 PM Marko, Peter <peter.ma...@siemens.com>
wrote:

> Hello,
>
> May I ask what are you trying to achieve?
> These entries fix incorrect CPE mapping so they are still needed.
> So by removing these 7 CVE_STATUS entries via your 7 contributions, you
> are marking the CVEs as relevant for the components.
> Basically direct opposite of what your commit messages are saying.
>
> Peter
>
> -----Original Message-----
> From: openembedded-devel@lists.openembedded.org <
> openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari
> via lists.openembedded.org
> Sent: Wednesday, April 10, 2024 17:05
> To: openembedded-devel@lists.openembedded.org
> Cc: Ninette Adhikari <nine...@thehoodiefirm.com>
> Subject: [oe] [PATCH 1/1] exiv2: Update CVE-2007-6353 status
>
> > Current version 0.28.0 is not affected by the issue.
> > Affected version: < 0.13-r1
> >
> > Signed-off-by: Ninette Adhikari <nine...@thehoodiefirm.com>
> > ---
> >  meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> > index 958810cf7..ad99d0bf4 100644
> > --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> > +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
> > @@ -10,6 +10,8 @@ SRC_URI[sha256sum] =
> "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103
> >  # inherit dos2unix
> >  S = "${WORKDIR}/${BP}-Source"
> >
> > +CVE_STATUS[CVE-2007-6353] = "cpe-incorrect: Current version 0.28.0 is
> not affected by the issue."
> > +
> >  inherit cmake gettext
> >
> >  do_install:append:class-target() {
> > --
> > 2.44.0
>
>

-- 
Ninette Adhikari
Software developer
The Neighbourhoodie Software GmbH
Harzer Straße 39, 12059 Berlin
neighbourhood.ie

Handelsregister HRB 157851 B Amtsgericht Charlottenburg
Geschäftsführung: Jan Lehnardt, Simone Haas

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#109921): 
https://lists.openembedded.org/g/openembedded-devel/message/109921
Mute This Topic: https://lists.openembedded.org/mt/105443451/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-