The recipe used in the `meta-openembedded` is a different mercurial package
compared to the one which has the CVE issue.
Package used in `meta-embedded`: https://www.mercurial-scm.org/
Package with CVE issue is a Jenkins plugin:
https://plugins.jenkins.io/mercurial/
(This is reflected in the CPE)
Signed-off-by: Ninette Adhikari <nine...@thehoodiefirm.com>
---
meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb
b/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb
index 89e6744dc..395a33079 100644
--- a/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb
+++ b/meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb
@@ -34,3 +34,4 @@ PACKAGES =+ "${PN}-python"
FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}"
FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}"
+CVE_STATUS[CVE-2022-43410] = "cpe-incorrect: The recipe used in the
`meta-openembedded` is a different mercurial package compared to the one which
has the CVE issue."
--
2.44.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#111098):
https://lists.openembedded.org/g/openembedded-devel/message/111098
Mute This Topic: https://lists.openembedded.org/mt/106890162/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
