binutils: set status for CVE-2025-7545 and CVE-2025-7546

The patches linked in NVD reports are present in binutils-2_45-branch.
Technically the NVD is wrong (=2.45 should be <2.45), but fixing it in
the recipe is not problematic as all cpe-stable-backport will be
automatically removed in next upgrade so will not be "kept forever".

CVE-2025-7545
* https://nvd.nist.gov/vuln/detail/CVE-2025-7545
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944

CVE-2025-7546
* https://nvd.nist.gov/vuln/detail/CVE-2025-7546
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 00bb181172c0a514719560c5bd087c0999e0c547..c69b4298c8139c843874a213799afe9ad36c7245 100644 (file)
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -18,6 +18,9 @@ SRCBRANCH ?= "binutils-2_45-branch"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
+CVE_STATUS[CVE-2025-7545] = "cpe-stable-backport: fix available in used git hash"
+CVE_STATUS[CVE-2025-7546] = "cpe-stable-backport: fix available in used git hash"
+
 SRCREV ?= "2bc7af1ff7732451b6a7b09462a815c3284f9613"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
 SRC_URI = "\