[yocto] [meta-security][PATCH] tpm2-tss: correct CVE product

Wed, 22 Mar 2023 00:18:42 -0700 

From: Peter Marko <[email protected]>

Currently CVE-2023-22745 does not show up in kirkstone CVE report.
This fixes that.

Products from yocto's CVE check NVD database:
sqlite> select * from products where product like "tpm2%";
CVE-2017-7524|tpm2-tools_project|tpm2.0-tools|||1.1.0|<=
CVE-2020-24455|tpm2_software_stack_project|tpm2_software_stack|||2.4.3|<
CVE-2020-24455|tpm2_software_stack_project|tpm2_software_stack|3.0.0|>=|3.0.1|<
CVE-2021-3565|tpm2-tools_project|tpm2-tools|5.1|>=|5.1.1|<
CVE-2021-3565|tpm2-tools_project|tpm2-tools|||4.3.2|<
CVE-2023-22745|tpm2_software_stack_project|tpm2_software_stack|||4.0.0|<=

Signed-off-by: Peter Marko <[email protected]>
---
 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb 
b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
index 657a2cd..cc7e6ae 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -14,6 +14,8 @@ SRC_URI[sha256sum] = 
"532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a740
 
 UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases";
 
+CVE_PRODUCT = "tpm2_software_stack"
+
 inherit autotools pkgconfig systemd useradd
 
 PACKAGECONFIG ??= "vendor"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#59488): https://lists.yoctoproject.org/g/yocto/message/59488
Mute This Topic: https://lists.yoctoproject.org/mt/97773345/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to