From: Peter Marko <peter.marko@siemens.com>
Date: Wed, 20 Aug 2025 16:24:14 +0000 (+0200)
Subject: Revert "dpkg: set status for CVE-2025-6297"
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a5bfe4c4db692f10aab090a73c412eb75ea1bb5;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

Revert "dpkg: set status for CVE-2025-6297"

This reverts commit 5dce840ba8f409490cca5dce9fe504c9115fb4e5.

CVE entry was corrected in NVD DB.
It looks like NVD is now getting faster and more reliable with
annotations...

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
---

diff --git a/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
index 69b3c3d8804..d793c26d57a 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
@@ -19,6 +19,3 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=1.22.
 SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch"
 
 SRCREV = "d72b038fd2113cb62972e4071db03dd1388394d8"
-
-# NVD tracks this CVE as "Up to (excluding) 2025-06-30" (which is fix commit date, not dpkg version)
-CVE_STATUS[CVE-2025-6297] = "cpe-incorrect: this is fixed in 1.22.21"