From: Peter Marko Date: Sun, 26 Apr 2026 19:12:08 +0000 (+0200) Subject: git: set status of 5 CVEs X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=139e4e6f17da181eee029c81ea17b847e9cc559e;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git git: set status of 5 CVEs It is unclear why entries in cvelistV5 cause these CVEs to appear in CVE reports. There is one which should also not be shown per listed CPEs, however it does not have a patch, so it's not added to the list - CVE-2024-52005. The others are set to fixed with version based on which .0 release included patch mentioned in Debian security tracker for respective CVE. Signed-off-by: Peter Marko Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-devtools/git/git_2.53.0.bb b/meta/recipes-devtools/git/git_2.53.0.bb index 5fe1767e28..8d71905f41 100644 --- a/meta/recipes-devtools/git/git_2.53.0.bb +++ b/meta/recipes-devtools/git/git_2.53.0.bb @@ -171,3 +171,9 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ EXTRA_OEMAKE += "NO_GETTEXT=1" SRC_URI[tarball.sha256sum] = "429dc0f5fe5f14109930cdbbb588c5d6ef5b8528910f0d738040744bebdc6275" + +CVE_STATUS[CVE-2024-32002] = "fixed-version: fixed since v2.46.0" +CVE_STATUS[CVE-2024-50349] = "fixed-version: fixed since v2.49.0" +CVE_STATUS[CVE-2024-52006] = "fixed-version: fixed since v2.49.0" +CVE_STATUS[CVE-2025-48385] = "fixed-version: fixed since v2.51.0" +CVE_STATUS[CVE-2025-48386] = "fixed-version: fixed since v2.51.0"