NVD claims that WolfSSL 5.8.4 is affected by both of these vulnerabilities; however, both have actually been fixed in that version.
CVE-2025-11931: NVD[1] references [2] PR as a patch, which was merged in [3]. CVE-2025-12889: NVD[4] referenced [5] PR as a patch, which was merged in [6]. [1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11931 [2]: https://github.com/wolfSSL/wolfssl/pull/9223 [3]: https://github.com/wolfSSL/wolfssl/commit/e497d28ae1b364e0136849996b893f55d8a8fd4a [4]: https://nvd.nist.gov/vuln/detail/CVE-2025-12889 [5]: https://github.com/wolfSSL/wolfssl/pull/9395 [6]: https://github.com/wolfSSL/wolfssl/commit/2db1c7a522ba258d841fbce95ab84156669a5a3e Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb index 8512269912..f16c8c1e68 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb @@ -46,3 +46,6 @@ do_install_ptest() { cp -rf ${S}/certs ${D}${PTEST_PATH} cp -rf ${S}/tests ${D}${PTEST_PATH} } + +CVE_STATUS[CVE-2025-11931] = "fixed-version: The currently used version (5.8.4) contains the fix already." +CVE_STATUS[CVE-2025-12889] = "fixed-version: The currently used version (5.8.4) contains the fix already."
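Review bot: The reason text in both added CVE_STATUS lines hard-codes "(5.8.4)", which will be wrong as soon as wolfssl_5.8.4.bb is renamed for the next upgrade while the lines are carried along unchanged. Consider dropping the version from the free-text part and pointing at the fix instead, for example "fixed-version: fixed by the commit referenced in the NVD entry, included since 5.8.4", so the entry stays accurate across version bumps. The commit message also says only that the two PRs were merged in [3] and [6]; it would help to state explicitly how it was confirmed that those commits are part of the 5.8.4 release, since that is the claim the "fixed-version" status depends on.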
