From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 24 Nov 2024 19:11:26 +0000 (+0100)
Subject: libssh2: mark CVE-2023-48795 as fixed
X-Git-Tag: yocto-5.2~1144
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=92886f91dc6ed3f41771bc984aa11269bd68abe0;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

libssh2: mark CVE-2023-48795 as fixed

NVD DB has typo in version (1.11.10 instead of 1.11.1)
Version 1.11.1 is the currently the latest one, there is no .10

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
index 6d2580072b0..c7013142c0b 100644
--- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
@@ -50,3 +50,6 @@ do_install_ptest() {
 	mkdir -p ${D}${PTEST_PATH}/docs
 	cp -r ${S}/docs/* ${D}${PTEST_PATH}/docs/
 }
+
+# should be removed when upgrading to 1.11.10 or higher
+CVE_STATUS[CVE-2023-48795] = "fixed-version: fixed since version 1.11.1"