[OE-core][PATCH] glibc: Refresh CVE statuses
- drop irrelevant CVEs Signed-off-by: Valek Andrej --- meta/recipes-core/glibc/glibc-version.inc | 5 - meta/recipes-core/glibc/glibc_2.39.bb | 2 -- 2 files changed, 7 deletions(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 7efcd0818f6..b8f0a4a119e 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -7,9 +7,4 @@ GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.(?!90)\d+)*)" -CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-5156] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-0687] = "fixed-version: Fixed in stable branch updates" diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb index 910bbdd71b0..b5aa15ec5bb 100644 --- a/meta/recipes-core/glibc/glibc_2.39.bb +++ b/meta/recipes-core/glibc/glibc_2.39.bb @@ -16,8 +16,6 @@ CVE_STATUS[CVE-2019-1010025] = "disputed: \ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ easier access for another. 'ASLR bypass itself is not a vulnerability.'" -CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6" - DEPENDS += "gperf-native bison-native" NATIVESDKFIXES ?= "" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#194128): https://lists.openembedded.org/g/openembedded-core/message/194128 Mute This Topic: https://lists.openembedded.org/mt/103882809/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH] glibc: Refresh CVE statuses
- drop irrelevant CVEs Signed-off-by: Valek Andrej --- meta/recipes-core/glibc/glibc-version.inc | 5 - meta/recipes-core/glibc/glibc_2.39.bb | 2 -- 2 files changed, 7 deletions(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 7efcd0818f6..b8f0a4a119e 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -7,9 +7,4 @@ GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.(?!90)\d+)*)" -CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-5156] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-0687] = "fixed-version: Fixed in stable branch updates" diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb index 910bbdd71b0..b5aa15ec5bb 100644 --- a/meta/recipes-core/glibc/glibc_2.39.bb +++ b/meta/recipes-core/glibc/glibc_2.39.bb @@ -16,8 +16,6 @@ CVE_STATUS[CVE-2019-1010025] = "disputed: \ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ easier access for another. 'ASLR bypass itself is not a vulnerability.'" -CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6" - DEPENDS += "gperf-native bison-native" NATIVESDKFIXES ?= "" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#194124): https://lists.openembedded.org/g/openembedded-core/message/194124 Mute This Topic: https://lists.openembedded.org/mt/103882748/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
