From: Peter Marko <[email protected]> CVE patch was removed on last upgrade as fixing commit was backported to stable 8.2.x branch.
NVD DB has this CVE as version-less (with "-"). So explicit status set is needed to mark it as fixed. (From OE-Core rev: 64359ec3b60ae68d39c2e6444f903fd20e397cff) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Mathieu Dubois-Briand <[email protected]> Signed-off-by: Richard Purdie <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-devtools/qemu/qemu.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 40ee267a42..4dc6c104c7 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -78,6 +78,9 @@ CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 a CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" +# NVD DB has this CVE as version-less (with "-") +CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#208549): https://lists.openembedded.org/g/openembedded-core/message/208549 Mute This Topic: https://lists.openembedded.org/mt/110032813/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
