From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 26 Apr 2026 12:02:50 +0000 (+0200)
Subject: base-files: set status for CVE-2018-6557
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=24d38fe4da4ea7d110877c5aaf419af1d27dd43b;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

base-files: set status for CVE-2018-6557

CPE in NVD [1] shows ubuntu.
Debian [1] says "Ubuntu specific motd update code".
cvelistV5 has unparseable CPE so it sbom-cve-check assumes vulnerable
  ("lessThan": "10.1ubuntu2.2").

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/base-files/base-files_3.0.14.bb b/meta/recipes-core/base-files/base-files_3.0.14.bb
index 3f01bb35d9..d4d777b485 100644
--- a/meta/recipes-core/base-files/base-files_3.0.14.bb
+++ b/meta/recipes-core/base-files/base-files_3.0.14.bb
@@ -167,3 +167,5 @@ CONFFILES:${PN} = "${sysconfdir}/fstab ${@['', '${sysconfdir}/hostname ${sysconf
 CONFFILES:${PN} += "${sysconfdir}/motd ${sysconfdir}/nsswitch.conf ${sysconfdir}/profile"
 
 INSANE_SKIP:${PN} += "empty-dirs"
+
+CVE_STATUS[CVE-2018-6557] = "not-applicable-platform: Ubuntu specific motd update code"