]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 24d38fe)
rsync: set status for CVE-2024-12084
authorPeter Marko <peter.marko@siemens.com>
Sun, 26 Apr 2026 12:02:51 +0000 (14:02 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 27 Apr 2026 14:05:47 +0000 (15:05 +0100)
Debian security tracker [1] says it's fixed in v3.4.0.
NVD [2] does not say that our version is vulnerable.

The CVE is reported probably because cvelistV5 has many CPE groups and
some of them are unparseable (so assumes vulnerable).

[1] https://security-tracker.debian.org/tracker/CVE-2024-12084
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-12084

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/rsync/rsync_3.4.1.bb patch | blob | blame | history

diff --git a/meta/recipes-devtools/rsync/rsync_3.4.1.bb b/meta/recipes-devtools/rsync/rsync_3.4.1.bb
index 697cdee829cc07ddaa690be91c96f12fd52bfef4..509be486b87ef64381e31a08ba8ac790128b2ee7 100644 (file)
--- a/meta/recipes-devtools/rsync/rsync_3.4.1.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.4.1.bb
@@ -64,3 +64,5 @@ do_install:append() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2024-12084] = "fixed-version: fixed since v3.4.0"
Mirror of git://git.openembedded.org/openembedded-core