The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue. Package used in `meta-embedded`: https://www.mercurial-scm.org/ Package with CVE issue is a Jenkins plugin: https://plugins.jenkins.io/mercurial/ (This is reflected in the CPE)
Signed-off-by: Ninette Adhikari <nine...@thehoodiefirm.com> --- meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb b/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb index 89e6744dc..395a33079 100644 --- a/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb +++ b/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb @@ -34,3 +34,4 @@ PACKAGES =+ "${PN}-python" FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}" FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}" +CVE_STATUS[CVE-2022-43410] = "cpe-incorrect: The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue." -- 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#111098): https://lists.openembedded.org/g/openembedded-devel/message/111098 Mute This Topic: https://lists.openembedded.org/mt/106890162/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-