The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue. Package used in `meta-embedded`: https://www.mercurial-scm.org/ Package with CVE issue is a Jenkins plugin: https://plugins.jenkins.io/mercurial/ (This is reflected in the CPE)
Ninette Adhikari (1): mercurial: Update CVE status for CVE-2022-43410 meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb | 1 + 1 file changed, 1 insertion(+) -- 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#111097): https://lists.openembedded.org/g/openembedded-devel/message/111097 Mute This Topic: https://lists.openembedded.org/mt/106890159/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-