gnupg: mark CVE-2025-30258 as patched

Per NVD report [1] this CVE is fixed by [2].
This commit was backported to 2.4.8 via [3].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-30258
[2] https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
[3] https://gitlab.com/freepg/gnupg/-/commit/da0164efc7f32013bc24d97b9afa9f8d67c318bb

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

diff --git a/meta/recipes-support/gnupg/gnupg_2.4.8.bb b/meta/recipes-support/gnupg/gnupg_2.4.8.bb
index 9c5de263c56c1755f81e2f24f1086910ce3c6ee0..a6e777abf89be2f57e62ae92d75c83760204fdff 100644 (file)
--- a/meta/recipes-support/gnupg/gnupg_2.4.8.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.4.8.bb
@@ -82,3 +82,4 @@ BBCLASSEXTEND = "native nativesdk"
 lcl_maybe_fortify:mipsarch = ""
 
 CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"
+CVE_STATUS[CVE-2025-30258] = "cpe-stable-backport: fir for this CVE was backported to version 2.4.8"