Hello all, I'm in process of clarifying entries for NVD to have them fixed in the sources. The comments in the patch linked do not include all the needed information, however.
Let's take this one: +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 +CVE_CHECK_IGNORE += "CVE-2022-1462" We need to write a set of rules on which versions are vulnerable, like this: [v2.6.12 - v5.4.208] [v5.5.0 ??? - v5.10.134] [v5.11.0 ??? - v5.15.58] [v5.16.0 ??? - v5.19.0] The values with ??? are uncertain. Geoffrey, Yann, as it was scripted out according to one of the discussions, are you able to confirm those "starting" versions ? Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#182410): https://lists.openembedded.org/g/openembedded-core/message/182410 Mute This Topic: https://lists.openembedded.org/mt/99357871/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
