merged. Bruce
In message: [meta-virtualization][PATCH] podman: ignore CVE-2022-2989 and CVE-2023-0778 on 29/07/2023 Peter Marko via lists.yoctoproject.org wrote: > From: Peter Marko <[email protected]> > > NVD shows only redhat links and does not mention fixed-in release > se these CVEs will show-up in reports indefinitely. > They are already fixed in current version, so ignore them. > > CVE-2022-2989 > * https://github.com/advisories/GHSA-4wjj-jwc9-2x96 > * https://github.com/containers/podman/pull/15618 > * commit d82a41687e614d9ac8b2d169dee47fe226835e4c Add container GID to > additional groups > > CVE-2023-0778 > * https://github.com/advisories/GHSA-qwqv-rqgf-8qh8 > * https://github.com/containers/podman/pull/17528 > * commit 6ca857feb07a5fdc96fd947afef03916291673d8 volume,container: chroot to > source before exporting content > > Signed-off-by: Peter Marko <[email protected]> > --- > recipes-containers/podman/podman_git.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/recipes-containers/podman/podman_git.bb > b/recipes-containers/podman/podman_git.bb > index 145b46f..9060e85 100644 > --- a/recipes-containers/podman/podman_git.bb > +++ b/recipes-containers/podman/podman_git.bb > @@ -34,6 +34,9 @@ S = "${WORKDIR}/git" > > PV = "4.6.0-rc1+git${SRCPV}" > > +CVE_STATUS[CVE-2022-2989] = "fixed-version: fixed since v4.3.0" > +CVE_STATUS[CVE-2023-0778] = "fixed-version: fixed since v4.5.0" > + > PACKAGES =+ "${PN}-contrib" > > PODMAN_PKG = "github.com/containers/libpod" > -- > 2.30.2 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8162): https://lists.yoctoproject.org/g/meta-virtualization/message/8162 Mute This Topic: https://lists.yoctoproject.org/mt/100434748/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/leave/6693005/21656/1014668956/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
