linux-yocto: extract generic kernel CVE_STATUS
authorRoss Burton <ross.burton@arm.com>
Mon, 7 Aug 2023 14:45:17 +0000 (15:45 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 9 Aug 2023 20:46:37 +0000 (21:46 +0100)
Some of the CVE_STATUS assignments are not specific to the version, so
move them to an unversioned file and include it in the recipes.

For example: some CVEs are disputed, or are specific to other
distributions.

Signed-off-by: Ross Burton <ross.burton@arm.com>
meta/recipes-kernel/linux/cve-exclusion.inc [new file with mode: 0644]
meta/recipes-kernel/linux/linux-yocto_6.1.bb
meta/recipes-kernel/linux/linux-yocto_6.4.bb

diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc
new file mode 100644 (file)
index 0000000..42f1c19
--- /dev/null
@@ -0,0 +1,10 @@
+CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu"
+
+CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto"
+
+# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
+# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
+# But, the CVE is disputed:
+CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \
+in which a user can cause the alloc_memory_type error case to be reached. \
+See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2"
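Review bot: The CVE-2020-11935 status is set unconditionally, but its rationale ("aufs, which is not in linux-yocto") only holds for the stock source tree. A downstream layer that patches aufs in would presumably still inherit this status and lose the report. A comment above the entry, such as `# Only valid while the kernel tree carries no aufs patches; layers that add aufs must override this status`, would make that dependency visible. The file also lacks a header stating what belongs in it, which matters now that both recipes include it, for example `# Statuses that hold for every linux-yocto version; version-specific ones go in cve-exclusion_<version>.inc`. The "Introduced in v6.1 / Patched since v6.2" comment on CVE-2023-23005 reads like a versioned entry, so it is worth one more comment line saying the disputed status is what makes it version-independent.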
index cf8728ca15468218d1774d482765c1eed2ac0c30..2f804d379d6e26a7fc6aeebba87294f9fd5b61b2 100644 (file)
@@ -3,6 +3,7 @@ KBRANCH ?= "v6.1/standard/base"
 require recipes-kernel/linux/linux-yocto.inc
 
 # CVE exclusions
+include recipes-kernel/linux/cve-exclusion.inc
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
 # board specific branches
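Review bot: The added line uses `include`, which BitBake skips silently when the file cannot be found, although cve-exclusion.inc is a hand-maintained file committed with this change and should always exist. `require recipes-kernel/linux/cve-exclusion.inc` would turn a wrong path or a missing file into a parse error instead of a silent change in the CVE report. The same applies to the identical line added to linux-yocto_6.4.bb. Because the unversioned file is read before cve-exclusion_6.1.inc, a status set for the same CVE in the versioned file presumably wins. That ordering is worth stating in the existing comment, e.g. `# CVE exclusions (generic first, so versioned entries can override)`.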
index 4deb7bc537327e3471308cb3d187551abd238c2b..caa78b016357eead80529076c075af3a4d89d92f 100644 (file)
@@ -3,6 +3,7 @@ KBRANCH ?= "v6.4/standard/base"
 require recipes-kernel/linux/linux-yocto.inc
 
 # CVE exclusions
+include recipes-kernel/linux/cve-exclusion.inc
 include recipes-kernel/linux/cve-exclusion_6.4.inc
 
 # board specific branches