"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong version, then use "fixed-version:".
Also add newline at end of file, please... Peter -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:05 To: [email protected] Cc: [email protected]; Ninette Adhikari <[email protected]> Subject: [oe] [PATCH 1/1] procmail: Update status for CVE-1999-0475 > Current version 3.22 is not affected by the issue. > Affected versions: Up to (excl.) 3.2.1 > > Signed-off-by: Ninette Adhikari <[email protected]> > --- > meta-oe/recipes-support/procmail/procmail_3.22.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-oe/recipes-support/procmail/procmail_3.22.bb > b/meta-oe/recipes-support/procmail/procmail_3.22.bb > index ba268de0a..723e15d10 100644 > --- a/meta-oe/recipes-support/procmail/procmail_3.22.bb > +++ b/meta-oe/recipes-support/procmail/procmail_3.22.bb > @@ -43,3 +43,5 @@ do_install() { > oe_runmake -i BASENAME=${D}/usr MANDIR=${D}${mandir} install > install -m 0644 debian/mailstat.1 ${D}${mandir}/man1 } > + > +CVE_STATUS[CVE-1999-0475] = "ignored: No action required. The current > version (3.22) is not affected by the CVE." > \ No newline at end of file > -- > 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110181): https://lists.openembedded.org/g/openembedded-devel/message/110181 Mute This Topic: https://lists.openembedded.org/mt/105798256/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
