CVE-2023-47100 is an NVD 9.8 vulnerability filed against perl 5.30.0, through 5.38.2 - which includes the 5.34.3 version used in OE-core kirkstone.
But the issue and reported fix are the same as CVE-2023-47038, whose fix has already been merged into the 5.34.3 source. Further, both CVEs have inaccurate configuration ranges reported on NVD.

NI filed several requests to MITRE to correct the duplication weeks ago, but there hasn't been any action.

I manually checked the kirkstone perl sources and confirmed that the common fix for both CVEs is in place. -47038 is already correctly-reported as 'patched' (due to the erroneous configuration string). This patchset further ignores the duplicate -47100 filing.

Alex Stewart (1):
  perl: ignore CVE-2023-47100

 meta/recipes-devtools/perl/perl_5.34.3.bb | 3 +++
 1 file changed, 3 insertions(+)

--
2.43.0