python3-setuptools: set status for CVE-2024-6345

Current version of sbom-cve-check reports this for some reason.
NVD does not have CPE and cvelistV5 ([1]) says "lessThan": "70.0".

[1] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/6xxx/CVE-2024-6345.json

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb b/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb
index a3943a29c39677da52eb7864138a6b20860e54dc..c413578faf549f3cd99df3c4b3af7a430281583f 100644 (file)
--- a/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_82.0.1.bb
@@ -49,3 +49,5 @@ BBCLASSEXTEND = "native nativesdk"
 # This used to use the bootstrap install which didn't compile. Until we bump the
 # tmpdir version we can't compile the native otherwise the sysroot unpack fails
 INSTALL_WHEEL_COMPILE_BYTECODE:class-native = "--no-compile-bytecode"
+
+CVE_STATUS[CVE-2024-6345] = "fixed-version: fixed since 70.0"