"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong version, then use "fixed-version:".
Also add newline at end of file, please... Peter -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:09 To: [email protected] Cc: [email protected]; Ninette Adhikari <[email protected]> Subject: [oe] [PATCH 1/1] sthttpd: Update status for CVE-2017-10671 > Current version 2.27.1 is not affected by the issue. > Affected versions: Up to (excl.) 2.27.1 > > Signed-off-by: Ninette Adhikari <[email protected]> > --- > meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > index b40b14851..0a618c16c 100644 > --- a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > @@ -57,3 +57,5 @@ SYSTEMD_SERVICE:${PN} = "thttpd.service" > > FILES:${PN} += "${SRV_DIR}" > FILES:${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" > + > +CVE_STATUS[CVE-2017-10671] = "ignored: No action required. The current > version (2.27.1) is not affected by the CVE." > \ No newline at end of file > -- > 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110183): https://lists.openembedded.org/g/openembedded-devel/message/110183 Mute This Topic: https://lists.openembedded.org/mt/105798301/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
