From: Peter Marko <[email protected]> History of code changes: * introduced: https://github.com/ilibarchive/libarchive/commit/390d83012fdba8c8db7fc9915338805882b0597a (v3.7.2-52-g390d8301) * reverted: 6https://github.com/libarchive/libarchive/commit/2c8caf6611a7d0662d80176c4fdb40f85794699 (v3.7.2-53-g62c8caf6) * re-introduced: 9https://github.com/libarchive/libarchive/commit/1f27004a5c88589658e38d68e46d223da6b75ca (v3.7.3-14-g91f27004) * fixed: bhttps://github.com/libarchive/libarchive/commit/6a979481b7d77c12fa17bbed94576b63bbcb0c0 (v3.7.3-24-gb6a97948)
Since there is no release where this CVE was present, we can safely ignore it. Signed-off-by: Peter Marko <[email protected]> --- meta/recipes-extended/libarchive/libarchive_3.6.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index c83eec9b1a..a7a3e47412 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -38,6 +38,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f # upstream-wontfix: upstream has documented that reported function is not thread-safe CVE_CHECK_IGNORE += "CVE-2023-30571" +# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948 +CVE_CHECK_IGNORE += "CVE-2024-37407" inherit autotools update-alternatives pkgconfig -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202229): https://lists.openembedded.org/g/openembedded-core/message/202229 Mute This Topic: https://lists.openembedded.org/mt/107420325/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
