From: Peter Marko Date: Thu, 16 Apr 2026 19:10:32 +0000 (+0200) Subject: binutils: mark CVE-2025-69652 as fixed X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=aee71e8677c44645da26203ebcd3f380e4d464dd;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git binutils: mark CVE-2025-69652 as fixed Fix commit [1] mentioned in the NVD report [2] is aleady included in 2.46 even when NVD says <= 2.46 $ git tag --contains 44b79abd0fa12e7947252eb4c6e5d16ed6033e01 binutils-2_46 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-69652 Signed-off-by: Peter Marko Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-devtools/binutils/binutils-2.46.inc b/meta/recipes-devtools/binutils/binutils-2.46.inc index d41a3a3f1a..6ae6cef352 100644 --- a/meta/recipes-devtools/binutils/binutils-2.46.inc +++ b/meta/recipes-devtools/binutils/binutils-2.46.inc @@ -21,6 +21,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)" CVE_STATUS[CVE-2025-69650] = "disputed: observed behavior only in pre-release code, does not affect any tagged version" CVE_STATUS[CVE-2025-69651] = "disputed: observed behavior only in pre-release code, does not affect any tagged version" CVE_STATUS[CVE-2025-69649] = "fixed-version: Fixed from version 2.46" +CVE_STATUS[CVE-2025-69652] = "fixed-version: Fixed from version 2.46" SRCREV ?= "49d4d3fafa4ec4ff5a3460d91d5b1ed5286487db" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"