Note that this depends on Bruce’s latest kernel patches. Ross
> On 5 Dec 2023, at 13:23, Ross Burton via lists.openembedded.org > <[email protected]> wrote: > > From: Ross Burton <[email protected]> > > Signed-off-by: Ross Burton <[email protected]> > --- > .../linux/cve-exclusion_6.1.inc | 26 +++++++++++++++---- > .../linux/cve-exclusion_6.5.inc | 22 +++++++++++++--- > 2 files changed, 40 insertions(+), 8 deletions(-) > > diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc > b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc > index 1216e0c2ddd..1e366481ff6 100644 > --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc > +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc > @@ -1,9 +1,9 @@ > > # Auto-generated CVE metadata, DO NOT EDIT BY HAND. > -# Generated at 2023-11-09 17:12:27.365962+00:00 for version 6.1.61 > +# Generated at 2023-12-05 13:22:34.961692+00:00 for version 6.1.65 > > python check_kernel_cve_status_version() { > - this_version = "6.1.61" > + this_version = "6.1.65" > kernel_version = d.getVar("LINUX_VERSION") > if kernel_version != this_version: > bb.warn("Kernel CVE status needs updating: generated for %s but > kernel is %s" % (this_version, kernel_version)) > @@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from > version 6.1rc1" > > # CVE-2022-44033 needs backporting (fixed from 6.4rc1) > > -# CVE-2022-44034 has no known resolution > +# CVE-2022-44034 needs backporting (fixed from 6.4rc1) > > # CVE-2022-4543 has no known resolution > > @@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: > Backported in 6.1.53" > > CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" > > +CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39" > + > +CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47" > + > CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" > > # CVE-2023-4010 has no known resolution > @@ -5104,7 +5108,7 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: > Backported in 6.1.54" > > CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" > > -# CVE-2023-5090 needs backporting (fixed from 6.6rc7) > +CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" > > CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" > > @@ -5114,7 +5118,19 @@ CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: > Backported in 6.1.56" > > CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" > > -# CVE-2023-5633 needs backporting (fixed from 6.6rc6) > +CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" > > CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" > > +# CVE-2023-5972 needs backporting (fixed from 6.6rc7) > + > +# CVE-2023-6039 needs backporting (fixed from 6.5rc5) > + > +CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" > + > +# CVE-2023-6121 needs backporting (fixed from 6.7rc3) > + > +CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" > + > +# CVE-2023-6238 has no known resolution > + > diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc > b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc > index b4086d436c4..6304d80844c 100644 > --- a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc > +++ b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc > @@ -1,9 +1,9 @@ > > # Auto-generated CVE metadata, DO NOT EDIT BY HAND. > -# Generated at 2023-11-09 17:13:01.267965+00:00 for version 6.5.10 > +# Generated at 2023-12-05 13:22:43.339114+00:00 for version 6.5.13 > > python check_kernel_cve_status_version() { > - this_version = "6.5.10" > + this_version = "6.5.13" > kernel_version = d.getVar("LINUX_VERSION") > if kernel_version != this_version: > bb.warn("Kernel CVE status needs updating: generated for %s but > kernel is %s" % (this_version, kernel_version)) > @@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from > version 6.4rc1" > > CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1" > > -# CVE-2022-44034 has no known resolution > +CVE_STATUS[CVE-2022-44034] = "fixed-version: Fixed from version 6.4rc1" > > # CVE-2022-4543 has no known resolution > > @@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: > Backported in 6.5.3" > > CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7" > > +CVE_STATUS[CVE-2023-39197] = "fixed-version: Fixed from version 6.5rc1" > + > +CVE_STATUS[CVE-2023-39198] = "fixed-version: Fixed from version 6.5rc7" > + > CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3" > > # CVE-2023-4010 has no known resolution > @@ -5118,3 +5122,15 @@ CVE_STATUS[CVE-2023-5633] = "cpe-stable-backport: > Backported in 6.5.8" > > CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.5.9" > > +CVE_STATUS[CVE-2023-5972] = "cpe-stable-backport: Backported in 6.5.9" > + > +CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5" > + > +CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" > + > +# CVE-2023-6121 needs backporting (fixed from 6.7rc3) > + > +CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.5.4" > + > +# CVE-2023-6238 has no known resolution > + > -- > 2.34.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191819): https://lists.openembedded.org/g/openembedded-core/message/191819 Mute This Topic: https://lists.openembedded.org/mt/102991079/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
