From: Ross Burton <ross.burton@arm.com>
Date: Mon, 4 Sep 2023 16:03:35 +0000 (+0100)
Subject: cve-extra-exclusions: remove BlueZ issues
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f354aed364b17259a642cc97e30a0a2b8218134;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

cve-extra-exclusions: remove BlueZ issues

These BlueZ issues were mislabelled as Linux issues, but now that the
CPE data is accurate this ignore can be removed.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 84217e4acde..51926f342a1 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -74,11 +74,6 @@ CVE_STATUS_KERNEL_HISTORIC = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007
 CVE_STATUS_KERNEL_HISTORIC[status] = "ignored"
 
 
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
-# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
-CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
-CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
-
 # qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2021-20255
 CVE_STATUS[CVE-2021-20255] = "upstream-wontfix: \
 There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html \