On 5/15/26 16:19, Marko, Peter wrote:
Hello,
what is the purpose of this patch?
All these CVEs are already marked as fixed in sbom cve reports.
Yes, you are right, these CVEs have been marked as fixed-version or no version-not-in-range.
Please drop this patch.
//Hongxu
Peter
-----Original Message-----
From: [email protected] <openembedded-
[email protected]> On Behalf Of hongxu via lists.openembedded.org
Sent: Friday, May 15, 2026 7:54 AM
To: [email protected]
Subject: [oe] [meta-oe][PATCH v2] 7zip: update CVE_STATUS for fixed-version
These CVEs were fixed in the current 7zip version
Signed-off-by: Hongxu Jia <[email protected]>
---
meta-oe/recipes-extended/7zip/7zip_26.01.bb | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/meta-oe/recipes-extended/7zip/7zip_26.01.bb b/meta-oe/recipes-
extended/7zip/7zip_26.01.bb
index 61be89c7ba..6da5b08347 100644
--- a/meta-oe/recipes-extended/7zip/7zip_26.01.bb
+++ b/meta-oe/recipes-extended/7zip/7zip_26.01.bb
@@ -68,3 +68,15 @@ RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so"
RPROVIDES:${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so"
BBCLASSEXTEND = "native nativesdk"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47111
+CVE_STATUS[CVE-2022-47111] = "fixed-version: The issue was found in 7-Zip
22.01. Some later versions are unaffected."
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47112
+CVE_STATUS[CVE-2022-47112] = "fixed-version: The issue was found in 7-Zip
22.01. Some later versions are unaffected."
+# https://sourceforge.net/p/sevenzip/patches/417/
+# https://www.appsecure.security/vulnerability-database/cve-2023-40481
+CVE_STATUS[CVE-2023-40481] = "fixed-version: That bug was fixed in v23.00."
+# https://www.appsecure.security/vulnerability-database/CVE-2023-52168
+CVE_STATUS[CVE-2023-52168] = "fixed-version: A high-severity vulnerability
identified in the NtfsHandler.cpp NTFS handler of 7-Zip prior to version 24.01."
+# https://www.appsecure.security/vulnerability-database/CVE-2023-52169
+CVE_STATUS[CVE-2023-52169] = "fixed-version: Relates to the NtfsHandler.cpp
NTFS handler in 7-Zip, affecting versions prior to 24.01."
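Review bot: The CVE_STATUS entries for CVE-2022-47111 and CVE-2022-47112 use "fixed-version" but never name the release that carries the fix; "The issue was found in 7-Zip 22.01. Some later versions are unaffected." does not tell a reader auditing the recipe why 26.01 is safe. State the first fixed release there, as the CVE-2023-40481 entry does with "fixed in v23.00". The entries for CVE-2023-52168 and CVE-2023-52169 have the same weakness in another form: they describe the NtfsHandler.cpp issue and the affected range ("prior to version 24.01") rather than saying the fix is in 24.01 and therefore included in this recipe version. The reference comments are also inconsistent: the first two point at nvd.nist.gov while the last three point at a third-party database page, so use the NVD or upstream links throughout. Finally, since the recipe is 7zip_26.01.bb and every version mentioned is older, the commit message should explain why a manual override is needed at all instead of relying on version matching in the CVE data, which is the question raised in the reply.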
--
2.34.1