These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly.
Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-oe/recipes-devtools/fex/fex_2511.bb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta-oe/recipes-devtools/fex/fex_2511.bb b/meta-oe/recipes-devtools/fex/fex_2511.bb index 9c0748ac63..88dd48f953 100644 --- a/meta-oe/recipes-devtools/fex/fex_2511.bb +++ b/meta-oe/recipes-devtools/fex/fex_2511.bb @@ -54,3 +54,9 @@ LDFLAGS += "-fuse-ld=lld" FILES:${PN} += "${datadir} ${libdir}/binfmt.d ${libdir}/libFEXCore.so" FILES:${PN}-dev = "${includedir}" + +# At the time of writing this, this recipe has no historical CVEs associated, and couldn't +# find a CPE to set. So ignore these unrelated vulnerabilities. +CVE_STATUS_GROUPS = "CVE_STATUS_WRONG_CPE" +CVE_STATUS_WRONG_CPE[status] = "cpe-incorrect: These vulnerabilities are for unrelated Fram's Fast File-EXchange application" +CVE_STATUS_WRONG_CPE = "CVE-2012-0869 CVE-2012-1293 CVE-2014-3875 CVE-2014-3876 CVE-2014-3877"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122464): https://lists.openembedded.org/g/openembedded-devel/message/122464 Mute This Topic: https://lists.openembedded.org/mt/116695319/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
