From: Chen Qi <Qi.Chen@windriver.com>
Date: Sat, 6 Apr 2024 04:41:29 +0000 (+0800)
Subject: ovmf: set CVE_STATUS for CVE-2014-8271
X-Git-Tag: 2024-04-scarthgap~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fdd74b3f3e3a8a07a6107e6ef07198ebe63d2bc8;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

ovmf: set CVE_STATUS for CVE-2014-8271

CVE-2014-8271 has an unusual versioning, svn_16280, which breaks
the version comparison and gives us warning like below:

  Failed to compare 202308 < svn_16280 for CVE-2014-8271

The fix has been there since 2014, our current version has included
the fix.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5b1353b8e87..f98cec8035f 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -33,6 +33,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 CVE_PRODUCT = "edk2"
 CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
 
+CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
+
 inherit deploy
 
 PARALLEL_MAKE = ""