From: Peter Marko <peter.marko@siemens.com>
Date: Wed, 29 Apr 2026 19:36:43 +0000 (+0200)
Subject: libmicrohttpd: set status for CVE-2025-59777 and CVE-2025-62689
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4c63dd2f8b149c5bbf3f6296adc0cf623d6cb10e;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

libmicrohttpd: set status for CVE-2025-59777 and CVE-2025-62689

This was fixed in the same commit includeded in 1.0.3 per [1] and [2].
The CVEs have dates instead of version in CPE.

[1] https://security-tracker.debian.org/tracker/CVE-2025-59777
[2] https://security-tracker.debian.org/tracker/CVE-2025-62689

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.5.bb b/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.5.bb
index cca3496a19..935fbfcf89 100644
--- a/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.5.bb
+++ b/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.5.bb
@@ -25,3 +25,6 @@ do_compile:append() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2025-59777] = "fixed-version: fixed since 1.0.3"
+CVE_STATUS[CVE-2025-62689] = "fixed-version: fixed since 1.0.3"