meta: Update CVE_STATUS for incorrect cpes

author Simone Weiß <simone.p.weiss@posteo.com>

Sun, 18 Feb 2024 22:32:32 +0000 (22:32 +0000)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Sat, 24 Feb 2024 16:10:19 +0000 (16:10 +0000)
author Simone Weiß <simone.p.weiss@posteo.com>
Sun, 18 Feb 2024 22:32:32 +0000 (22:32 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 24 Feb 2024 16:10:19 +0000 (16:10 +0000)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc

index 83cf6047de28d2dc16fd69fe59f3a5b2f45a8a1c..bb9aacb478aca986acb10cda9ae7f5e0e0c259a0 100644 (file)
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -27,6 +27,8 @@ CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
  CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
  CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
  CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
+CVE_STATUS[CVE-2023-4692]  = "cpe-incorrect: Fixed in version 2.12 already"
+CVE_STATUS[CVE-2023-4693]  = "cpe-incorrect: Fixed in version 2.12 already"
  
  DEPENDS = "flex-native bison-native gettext-native"
  
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc

index b6c275af46db506f3c2a5528878a9c8f7853077a..5fcb4292b3e017820eaa1faac16d3b431b29aca2 100644 (file)
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -18,6 +18,8 @@ SRCBRANCH ?= "binutils-2_42-branch"
  
  UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
  
+CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier"
+
  SRCREV ?= "553c7f61b74badf91df484450944675efd9cd485"
  BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
  SRC_URI = "\
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb

index 2c965b6451c18ec33d67144b41c799ba7a9909ac..3dff16eec2263fd1f5c54e31fb96c4c78ad36585 100644 (file)
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -73,3 +73,4 @@ COMPATIBLE_HOST = "^(?!arc).*"
  CVE_PRODUCT = "ghostscript gpl_ghostscript"
  
  CVE_STATUS[CVE-2023-38560] = "not-applicable-config: PCL isn't part of the Ghostscript release"
+CVE_STATUS[CVE-2023-38559] = "cpe-incorrect: Issue only appears in versions before 10.02.0"
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb

index a26e4694f6a1ad497a90e20e870c8176c85157d8..d42ea6a6e5be6dad611e6e930500179d946ecc35 100644 (file)
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -24,6 +24,7 @@ SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4
  UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
  
  CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
+CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"
  
  inherit autotools multilib_header
author	Simone Weiß <simone.p.weiss@posteo.com>
	Sun, 18 Feb 2024 22:32:32 +0000 (22:32 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sat, 24 Feb 2024 16:10:19 +0000 (16:10 +0000)
meta/recipes-bsp/grub/grub2.inc		patch \| blob \| blame \| history
meta/recipes-devtools/binutils/binutils-2.42.inc		patch \| blob \| blame \| history
meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb		patch \| blob \| blame \| history
meta/recipes-multimedia/libtiff/tiff_4.6.0.bb		patch \| blob \| blame \| history