[scarthgap,styhead] subversion: ignore CVE-2024-45720

Message ID	20250212173847.9923-1-peter.marko@siemens.com
State	Under Review
Delegated to:	Steve Sakoman
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.226, mailfrom: fm-256628-2025021217394195163ee3ccea637587-rtjnvp@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][scarthgap][styhead][PATCH] subversion: ignore CVE-2024-45720 Date: Wed, 12 Feb 2025 18:38:47 +0100 Message-Id: <20250212173847.9923-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[scarthgap,styhead] subversion: ignore CVE-2024-45720 \| expand [scarthgap,styhead] subversion: ignore CVE-2024-45720

Message ID

20250212173847.9923-1-peter.marko@siemens.com

State

Under Review

Delegated to:

Steve Sakoman

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][scarthgap][styhead][PATCH] subversion: ignore
 CVE-2024-45720
Date: Wed, 12 Feb 2025 18:38:47 +0100
Message-Id: <20250212173847.9923-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[scarthgap,styhead] subversion: ignore CVE-2024-45720 | expand

Commit Message

Peter Marko Feb. 12, 2025, 5:38 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720

This CVE is relevant only for subversion running on Windows.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
 1 file changed, 2 insertions(+)

Comments

Sofiane HAMAM Feb. 14, 2025, 9:14 a.m. UTC | #1

Hi,
I also worked on this one
Reviewed-by: Sofiane Hamam <sofiane.hamam@smile.fr>

diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
index 1ef3d498a5..679228cbb8 100644
--- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
@@ -19,6 +19,8 @@  inherit autotools pkgconfig gettext python3native
 
 CVE_PRODUCT = "apache:subversion"
 
+CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on Windows"
+
 PACKAGECONFIG ?= ""
 
 PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"

[scarthgap,styhead] subversion: ignore CVE-2024-45720

Commit Message

Comments

Patch