From: Peter Marko <peter.marko@siemens.com>
Date: Mon, 31 Jul 2023 07:02:32 +0000 (+0200)
Subject: bluez5: correct CVE status of ignored CVEs
X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~224
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=150f81b764ccf1abfc69bd573d1fb997a6115884;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

bluez5: correct CVE status of ignored CVEs

Rewrite of CVE_CHECK_IGNORE to CVE_STATUS contained copy+paste
problem changing CVE numbers.

CVE-2020-12352 -> CVE-2022-3563
CVE-2020-24490 -> CVE-2022-3637

CVE-2020-12352 is now for kernel only in NVD BD, so remove it.
CVE-2020-24490 is corrected in this commit.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.68.bb b/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
index f8405ed0919..7c7ad75ed81 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
@@ -2,8 +2,7 @@ require bluez5.inc
 
 SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933"
 
-CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
-CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support