These CVEs was fixed in current 7zip version

Signed-off-by: Hongxu Jia <[email protected]>
---
 meta-oe/recipes-extended/7zip/7zip_26.01.bb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/meta-oe/recipes-extended/7zip/7zip_26.01.bb 
b/meta-oe/recipes-extended/7zip/7zip_26.01.bb
index 61be89c7ba..3fc3037bcc 100644
--- a/meta-oe/recipes-extended/7zip/7zip_26.01.bb
+++ b/meta-oe/recipes-extended/7zip/7zip_26.01.bb
@@ -68,3 +68,15 @@ RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so"
 RPROVIDES:${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so"
 
 BBCLASSEXTEND = "native nativesdk"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47111
+CVE_STATUS[CVE-2022-47111] = "fixed-version: The issue was found in 7-Zip 
22.01. Some later versions are unaffected."
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47112
+CVE_STATUS[CVE-2022-47112] = "fixed-version: The issue was found in 7-Zip 
22.01. Some later versions are unaffected."
+# https://sourceforge.net/p/sevenzip/patches/417/
+# https://www.appsecure.security/vulnerability-database/cve-2023-40481
+CVE_STATUS[CVE-2023-40481] = "fixed-version: That bug was fixed in v23.00."
+# https://www.appsecure.security/vulnerability-database/CVE-2023-52168
+CVE_STATUS[CVE-2023-52168] = "fixed-version: A high-severity vulnerability 
identified in the NtfsHandler.cpp NTFS handler of 7-Zip prior to version 24.01."
+$ https://www.appsecure.security/vulnerability-database/CVE-2023-52169
+CVE_STATUS[CVE-2023-52169] = "fixed-version: Relates to the NtfsHandler.cpp 
NTFS handler in 7-Zip, affecting versions prior to 24.01."
-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#127000): 
https://lists.openembedded.org/g/openembedded-devel/message/127000
Mute This Topic: https://lists.openembedded.org/mt/119325752/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to