bluez5: mark two CVEs as being in the wrong product

CVE-2020-12351 and CVE-2020-12352 ("BleedingTooth") are actually issues
in the Linux kernel, not BlueZ as reported in the CVE.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.86.bb b/meta/recipes-connectivity/bluez5/bluez5_5.86.bb
index 2d56fc642dee9bd2ad8a7086ca9e5adf6508ffe7..8974a2c69c975f8760d76ebe6e68c254b62aae1d 100644 (file)
--- a/meta/recipes-connectivity/bluez5/bluez5_5.86.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.86.bb
@@ -5,6 +5,8 @@ LDFLAGS += " ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', '-Wl,-z,nostar
 SRC_URI[sha256sum] = "99f144540c6070591e4c53bcb977eb42664c62b7b36cb35a29cf72ded339621d"
 
 CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2020-12351] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2020-12352] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support