diff mbox series

[1/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200

Message ID 20240429110937.55865-2-ninette@thehoodiefirm.com
State New
Headers show
Series open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200 | expand

Commit Message

Ninette Adhikari April 29, 2024, 11:09 a.m. UTC
Current version 12.3.5 is not affected by the issue.
Affected versions: Up to (incl) 10.0.3

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
---
 .../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb       | 2 ++
 1 file changed, 2 insertions(+)

Comments

Peter Marko April 29, 2024, 11:58 a.m. UTC | #1
"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17
When CPE matches wrong version, then use "fixed-version:".

Peter

-----Original Message-----
From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org
Sent: Monday, April 29, 2024 13:10
To: openembedded-devel@lists.openembedded.org
Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com>
Subject: [oe] [PATCH 1/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200

> Current version 12.3.5 is not affected by the issue.
> Affected versions: Up to (incl) 10.0.3
>
> Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
> ---
>  .../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb       | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> index 6696e552c..90d97cf7a 100644
> --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> @@ -120,3 +120,5 @@ python() {
>  }
>  
>  CVE_PRODUCT = "open-vm-tools vmware:tools"
> +CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
> +CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
> -- 
> 2.44.0
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
index 6696e552c..90d97cf7a 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
@@ -120,3 +120,5 @@  python() {
 }
 
 CVE_PRODUCT = "open-vm-tools vmware:tools"
+CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
+CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."