From: Ross Burton <ross.burton@arm.com>
Date: Mon, 13 May 2024 15:21:30 +0000 (+0000)
Subject: cpio: mark CVE-2023-7216 as disputed
X-Git-Tag: uninative-4.5~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c99147037ba8ca424ee42520183bd2bd55c7056;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

cpio: mark CVE-2023-7216 as disputed

Upstream consider the behaviour described in this CVE as intentional,
and provide an option to stop it.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-extended/cpio/cpio_2.15.bb b/meta/recipes-extended/cpio/cpio_2.15.bb
index 52070f59a25..95f82cdf3ab 100644
--- a/meta/recipes-extended/cpio/cpio_2.15.bb
+++ b/meta/recipes-extended/cpio/cpio_2.15.bb
@@ -16,6 +16,7 @@ SRC_URI[sha256sum] = "efa50ef983137eefc0a02fdb51509d624b5e3295c980aa127ceee41834
 inherit autotools gettext texinfo ptest
 
 CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS"
+CVE_STATUS[CVE-2023-7216] = "disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html"
 
 EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"