From: Simone Weiß <simone.p.weiss@posteo.com>
Date: Mon, 22 Jan 2024 16:41:32 +0000 (+0000)
Subject: gcc: Update status of CVE-2023-4039
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc78945cf8372eea743ecddfca47cbc084641678;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

gcc: Update status of CVE-2023-4039

This is fixed via a patch added in gcc-13.2.inc already, but still
reported e.g. for libgcc as it is not defining an own source but use the
shared gcc-source.

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 301d45eacfd4ae6bddfb13207e2af9e8b4662bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-devtools/gcc/gcc-13.2.inc b/meta/recipes-devtools/gcc/gcc-13.2.inc
index 359db1e2781..32fddd11c23 100644
--- a/meta/recipes-devtools/gcc/gcc-13.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.2.inc
@@ -115,3 +115,4 @@ EXTRA_OECONF_PATHS = "\
 "
 
 CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"
+CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source"