git: set status of 5 CVEs

It is unclear why entries in cvelistV5 cause these CVEs to appear in CVE
reports.
There is one which should also not be shown per listed CPEs, however it
does not have a patch, so it's not added to the list - CVE-2024-52005.
The others are set to fixed with version based on which .0 release
included patch mentioned in Debian security tracker for respective CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-devtools/git/git_2.53.0.bb b/meta/recipes-devtools/git/git_2.53.0.bb
index 5fe1767e285013f3bcab9d700602f57dbf88c604..8d71905f419332eb3d8b37d4517086dbcf217400 100644 (file)
--- a/meta/recipes-devtools/git/git_2.53.0.bb
+++ b/meta/recipes-devtools/git/git_2.53.0.bb
@@ -171,3 +171,9 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
 EXTRA_OEMAKE += "NO_GETTEXT=1"
 
 SRC_URI[tarball.sha256sum] = "429dc0f5fe5f14109930cdbbb588c5d6ef5b8528910f0d738040744bebdc6275"
+
+CVE_STATUS[CVE-2024-32002] = "fixed-version: fixed since v2.46.0"
+CVE_STATUS[CVE-2024-50349] = "fixed-version: fixed since v2.49.0"
+CVE_STATUS[CVE-2024-52006] = "fixed-version: fixed since v2.49.0"
+CVE_STATUS[CVE-2025-48385] = "fixed-version: fixed since v2.51.0"
+CVE_STATUS[CVE-2025-48386] = "fixed-version: fixed since v2.51.0"