From 150f81b764ccf1abfc69bd573d1fb997a6115884 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Mon, 31 Jul 2023 09:02:32 +0200
Subject: [PATCH] bluez5: correct CVE status of ignored CVEs

Rewrite of CVE_CHECK_IGNORE to CVE_STATUS contained copy+paste
problem changing CVE numbers.

CVE-2020-12352 -> CVE-2022-3563
CVE-2020-24490 -> CVE-2022-3637

CVE-2020-12352 is now for kernel only in NVD BD, so remove it.
CVE-2020-24490 is corrected in this commit.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-connectivity/bluez5/bluez5_5.68.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.68.bb b/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
index f8405ed0919..7c7ad75ed81 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
@@ -2,8 +2,7 @@ require bluez5.inc
 
 SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933"
 
-CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
-CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
-- 
2.47.3