"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong component, then use "cpe-incorrect:".
Also add newline at end of file, please... Peter -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:08 To: [email protected] Cc: [email protected]; Ninette Adhikari <[email protected]> Subject: [oe] [PATCH 1/1] mpd: Update status for CVE-2020-7465 and CVE-2020-7466 > The recipe used in the `meta-openembedded` is a different mpd package > compared to the one which has the CVE issue. > Package used in `meta-embedded`: http://www.musicpd.org Package with CVE > issue: https://sourceforge.net/projects/mpd/ > No action required. > > Signed-off-by: Ninette Adhikari <[email protected]> > --- > meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > index a762fc832..90211bd29 100644 > --- a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > +++ b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > @@ -100,3 +100,6 @@ USERADD_PARAM:${PN} = " \ > --home ${localstatedir}/lib/mpd \ > --groups audio \ > --user-group mpd" > + > +CVE_STATUS[CVE-2020-7465] = "ignored: The recipe used in the > meta-openembedded is a different mpd package compared to the one which has > the CVE issue." > +CVE_STATUS[CVE-2020-7466] = "ignored: The recipe used in the > meta-openembedded is a different mpd package compared to the one which has > the CVE issue." > \ No newline at end of file > -- > 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110182): https://lists.openembedded.org/g/openembedded-devel/message/110182 Mute This Topic: https://lists.openembedded.org/mt/105798285/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
