From: Peter Marko <[email protected]> Last version bump removed patch for this CVE because it was integrated in new release. This has caused the CVE to reappear in reports because 2023-09-12 is "higher" than 11.5...
Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-devtools/gcc/gcc-11.5.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/gcc/gcc-11.5.inc b/meta/recipes-devtools/gcc/gcc-11.5.inc index c316d2a9a0..5d29b8e61e 100644 --- a/meta/recipes-devtools/gcc/gcc-11.5.inc +++ b/meta/recipes-devtools/gcc/gcc-11.5.inc @@ -121,3 +121,6 @@ EXTRA_OECONF_PATHS = "\ # Is a binutils 2.26 issue, not gcc CVE_CHECK_IGNORE += "CVE-2021-37322" + +# This is fixed by commit 75c37e0314, nvd uses arm versioning (2023-09-12) which will alway be higher than 11.x +CVE_CHECK_IGNORE += "CVE-2023-4039" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#206021): https://lists.openembedded.org/g/openembedded-core/message/206021 Mute This Topic: https://lists.openembedded.org/mt/109063386/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
