ovmf: set CVE_STATUS for CVE-2014-8271

CVE-2014-8271 has an unusual versioning, svn_16280, which breaks
the version comparison and gives us warning like below:

  Failed to compare 202308 < svn_16280 for CVE-2014-8271

The fix has been there since 2014, our current version has included
the fix.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5b1353b8e87bb728097ff2cc104aea37b3506ed8..f98cec8035f608673539d14ec1de9ab44d45b970 100644 (file)
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -33,6 +33,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 CVE_PRODUCT = "edk2"
 CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
 
+CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
+
 inherit deploy
 
 PARALLEL_MAKE = ""