From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 11 Aug 2024 15:55:15 +0000 (-0700)
Subject: gnupg: Document CVE-2022-3219 and mark wontfix
X-Git-Tag: yocto-5.2~2079
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f10f9c3a8d2c17d5a6c3f0b00749e5b34a66e090;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

gnupg: Document CVE-2022-3219 and mark wontfix

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-support/gnupg/gnupg_2.4.5.bb b/meta/recipes-support/gnupg/gnupg_2.4.5.bb
index 99996968b1a..97b5d8856c0 100644
--- a/meta/recipes-support/gnupg/gnupg_2.4.5.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.4.5.bb
@@ -88,3 +88,4 @@ BBCLASSEXTEND = "native nativesdk"
 
 lcl_maybe_fortify:mipsarch = ""
 
+CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"