> On 21 Jan 2024, at 19:19, Simone Weiß via lists.openembedded.org > <[email protected]> wrote: > +CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch in > gcc-13-2.inc which is added via require here”
I’m guessing this is because gcc and friends all use gcc-source recipe, so gcc.bb doesn’t actually have any sources. This CVE_STATUS should be in the gcc-13.2.inc file, so that all the GCC recipes which use that source get the correct status. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#194146): https://lists.openembedded.org/g/openembedded-core/message/194146 Mute This Topic: https://lists.openembedded.org/mt/103872310/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
