diff mbox series

[scarthgap,styhead] subversion: ignore CVE-2024-45720

Message ID 20250212173847.9923-1-peter.marko@siemens.com
State Accepted
Delegated to: Steve Sakoman
Headers show
Series [scarthgap,styhead] subversion: ignore CVE-2024-45720 | expand

Commit Message

Marko, Peter Feb. 12, 2025, 5:38 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720

This CVE is relevant only for subversion running on Windows.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
 1 file changed, 2 insertions(+)

Comments

Sofiane HAMAM Feb. 14, 2025, 9:14 a.m. UTC | #1 
Hi,
I also worked on this one
Reviewed-by: Sofiane Hamam <sofiane.hamam@smile.fr>
Marko, Peter Feb. 27, 2025, 7:54 a.m. UTC | #2 
gentle ping for styhead...

> -----Original Message-----
> From: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> Sent: Wednesday, February 12, 2025 18:39
> To: openembedded-core@lists.openembedded.org
> Cc: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> Subject: [OE-core][scarthgap][styhead][PATCH] subversion: ignore CVE-2024-
> 45720
> 
> From: Peter Marko <peter.marko@siemens.com>
> 
> Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720
> 
> This CVE is relevant only for subversion running on Windows.
> 
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
>  meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-
> devtools/subversion/subversion_1.14.3.bb
> index 1ef3d498a5..679228cbb8 100644
> --- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> +++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> @@ -19,6 +19,8 @@ inherit autotools pkgconfig gettext python3native
> 
>  CVE_PRODUCT = "apache:subversion"
> 
> +CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on
> Windows"
> +
>  PACKAGECONFIG ?= ""
> 
>  PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--
> without-boost,boost"
Steve Sakoman Feb. 27, 2025, 2:10 p.m. UTC | #3 
Thanks for the reminder.

When you put more than one branch target in a patch submission it
greatly increases the odds of something going awry since I can't
easily track status in patchworks.

The process goes much more smoothly if you send a per branch
submission, that way you aren't relying on my poor memory to make sure
the right thing happens :-)

Steve

On Wed, Feb 26, 2025 at 11:54 PM Marko, Peter <Peter.Marko@siemens.com> wrote:
>
> gentle ping for styhead...
>
> > -----Original Message-----
> > From: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> > Sent: Wednesday, February 12, 2025 18:39
> > To: openembedded-core@lists.openembedded.org
> > Cc: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> > Subject: [OE-core][scarthgap][styhead][PATCH] subversion: ignore CVE-2024-
> > 45720
> >
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720
> >
> > This CVE is relevant only for subversion running on Windows.
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > ---
> >  meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-
> > devtools/subversion/subversion_1.14.3.bb
> > index 1ef3d498a5..679228cbb8 100644
> > --- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> > +++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> > @@ -19,6 +19,8 @@ inherit autotools pkgconfig gettext python3native
> >
> >  CVE_PRODUCT = "apache:subversion"
> >
> > +CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on
> > Windows"
> > +
> >  PACKAGECONFIG ?= ""
> >
> >  PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--
> > without-boost,boost"
diff mbox series

Patch

diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
index 1ef3d498a5..679228cbb8 100644
--- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
@@ -19,6 +19,8 @@  inherit autotools pkgconfig gettext python3native
 
 CVE_PRODUCT = "apache:subversion"
 
+CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on Windows"
+
 PACKAGECONFIG ?= ""
 
 PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"