]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6d28778)
xz: ignore CVE-2024-47611
authorDaniel Turull <daniel.turull@ericsson.com>
Mon, 18 Aug 2025 14:01:02 +0000 (16:01 +0200)
committerSteve Sakoman <steve@sakoman.com>
Mon, 18 Aug 2025 14:54:17 +0000 (07:54 -0700)
According to the NVD entry, it is only applicable when built
for native Windows (MinGW-w64 or MSVC).

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/xz/xz_5.4.7.bb patch | blob | blame | history

diff --git a/meta/recipes-extended/xz/xz_5.4.7.bb b/meta/recipes-extended/xz/xz_5.4.7.bb
index 563643d4d90afca6f330ac8a3c67e7bc2bf190f5..30a4c8e88cf7ec8248037de728a495b63f283f55 100644 (file)
--- a/meta/recipes-extended/xz/xz_5.4.7.bb
+++ b/meta/recipes-extended/xz/xz_5.4.7.bb
@@ -35,6 +35,8 @@ SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723
 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
 UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/"
 
+CVE_STATUS[CVE-2024-47611] = "not-applicable-platform: Issue only applies on Windows"
+
 CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh"
 
 inherit autotools gettext ptest
Mirror of git://git.openembedded.org/openembedded-core-contrib