From: Chen Qi <qi.c...@windriver.com> For all those CVE-2019-xxxxx CVEs, following the links in NVD, we can see they have all been fixed.
For CVE-2014-4859 and CVE-2014-4860, there's no useful links in NVD, but according to the following two links, they have also been fixed. https://security-tracker.debian.org/tracker/CVE-2014-4859 https://security-tracker.debian.org/tracker/CVE-2014-4860 Signed-off-by: Chen Qi <qi.c...@windriver.com> --- meta/recipes-core/ovmf/ovmf_git.bb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 97651faf62..35ca8d1834 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -34,6 +34,15 @@ CVE_PRODUCT = "edk2" CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}" CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison." +CVE_STATUS[CVE-2014-4859] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2014-4860] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14553] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14559] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14562] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." inherit deploy -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198015): https://lists.openembedded.org/g/openembedded-core/message/198015 Mute This Topic: https://lists.openembedded.org/mt/105402982/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-