"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong component, then use "cpe-incorrect:".
Peter -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:02 To: [email protected] Cc: [email protected]; Ninette Adhikari <[email protected]> Subject: [oe] [PATCH 1/1] st: Update status for CVE-2017-16224 > The recipe used in the meta-openembedded is a different st package compared > to the one which has the CVE issue. > Package used in meta-embedded: https://st.suckless.org/ Package with CVE > issue: https://www.npmjs.com/package/st No action required. > > Signed-off-by: Ninette Adhikari <[email protected]> > --- > meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > index 5e0f2e71c..984695a31 100644 > --- a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > +++ b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > @@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color" > ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st" > > ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color" > + > +CVE_STATUS[CVE-2017-16224] = "ignored: The recipe used in the > meta-openembedded is a different st package compared to the one which has the > CVE issue." > -- > 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110180): https://lists.openembedded.org/g/openembedded-devel/message/110180 Mute This Topic: https://lists.openembedded.org/mt/105798224/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
