"ignored:" should not be used, see 
https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17
When the CPE matches the wrong version, use "fixed-version:".

Peter

-----Original Message-----
From: [email protected] 
<[email protected]> On Behalf Of Ninette Adhikari via 
lists.openembedded.org
Sent: Monday, April 29, 2024 13:10
To: [email protected]
Cc: [email protected]; Ninette Adhikari <[email protected]>
Subject: [oe] [PATCH 1/1] open-vm-tools: Update status for CVE-2014-4199 and 
CVE-2014-4200

> Current version 12.3.5 is not affected by the issue.
> Affected versions: Up to (incl) 10.0.3
>
> Signed-off-by: Ninette Adhikari <[email protected]>
> ---
>  .../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb       | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git 
> a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb 
> b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> index 6696e552c..90d97cf7a 100644
> --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> @@ -120,3 +120,5 @@ python() {
>  }
>  
>  CVE_PRODUCT = "open-vm-tools vmware:tools"
> +CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current 
> version (12.3.5) is not affected by the CVE which affects version 10.0.3."
> +CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current 
> version (12.3.5) is not affected by the CVE which affects version 10.0.3."
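
Review bot: both added CVE_STATUS lines use the "ignored:" status, yet their reason text says 12.3.5 is simply newer than the affected 10.0.3. That is the wrong-version CPE match case which the reply at the top of this thread says to mark with "fixed-version:". Suggest replacing the "ignored:" prefix with "fixed-version:" on both entries and keeping the reason after the colon. The reason text also says the CVE "affects version 10.0.3", while the commit message gives the range as "Up to (incl) 10.0.3"; using the range wording in the status string would record which releases were affected.
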
> -- 
> 2.44.0
