Message ID | 20240429110937.55865-2-ninette@thehoodiefirm.com |
---|---|
State | New |
Headers | show |
Series | open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200 | expand |
"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong version, then use "fixed-version:". Peter -----Original Message----- From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:10 To: openembedded-devel@lists.openembedded.org Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com> Subject: [oe] [PATCH 1/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200 > Current version 12.3.5 is not affected by the issue. > Affected versions: Up to (incl) 10.0.3 > > Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> > --- > .../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb > index 6696e552c..90d97cf7a 100644 > --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb > +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb > @@ -120,3 +120,5 @@ python() { > } > > CVE_PRODUCT = "open-vm-tools vmware:tools" > +CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3." > +CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3." > -- > 2.44.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb index 6696e552c..90d97cf7a 100644 --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb @@ -120,3 +120,5 @@ python() { } CVE_PRODUCT = "open-vm-tools vmware:tools" +CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3." +CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
Current version 12.3.5 is not affected by the issue. Affected versions: Up to (incl) 10.0.3 Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> --- .../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb | 2 ++ 1 file changed, 2 insertions(+)