CVE_STATUS is not supported in kirkstone, you should use CVE_CHECK_IGNORE
Steve
On Mon, Apr 15, 2024 at 5:01 AM Sadineni, Harish via
lists.openembedded.org
wrote:
>
> From: Harish Sadineni
>
> CVE-2024-24576 only applies when invoking batch files (with the `bat` and
> `cmd` extensions) on Windows & No other platform or use is affected.
> More details about CVE is here:
> https://nvd.nist.gov/vuln/detail/CVE-2024-24576
>
> Signed-off-by: Harish Sadineni
> ---
> meta/recipes-devtools/rust/rust-source.inc | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-devtools/rust/rust-source.inc
> b/meta/recipes-devtools/rust/rust-source.inc
> index ea70ad786f..b8dcc56482 100644
> --- a/meta/recipes-devtools/rust/rust-source.inc
> +++ b/meta/recipes-devtools/rust/rust-source.inc
> @@ -5,3 +5,5 @@ RUSTSRC = "${WORKDIR}/rustc-${PV}-src"
>
> UPSTREAM_CHECK_URI =
> "https://forge.rust-lang.org/infra/other-installation-methods.html;
> UPSTREAM_CHECK_REGEX = "rustc-(?P\d+(\.\d+)+)-src"
> +
> +CVE_STATUS[CVE-2024-24576] = "not-applicable-platform: Issue only applies on
> Windows"
> --
> 2.43.0
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198238):
https://lists.openembedded.org/g/openembedded-core/message/198238
Mute This Topic: https://lists.openembedded.org/mt/105534166/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-