| Message ID | 20251015063531.1573191-3-ankur.tyagi85@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,scarthgap,1/4] mercurial: Update CVE status for CVE-2022-43410 | expand |
On Wed, 2025-10-15 at 19:35 +1300, Ankur Tyagi via lists.openembedded.org wrote: > This release fixes CVE-2024-42458 > https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1 > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > --- > .../neatvnc/{neatvnc_0.8.0.bb => neatvnc_0.8.1.bb} | 6 > ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > rename meta-oe/recipes-graphics/neatvnc/{neatvnc_0.8.0.bb => > neatvnc_0.8.1.bb} (81%) > > diff --git a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb > b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb > similarity index 81% > rename from meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb > rename to meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb > index c9c4a6c27a..572134b47c 100644 > --- a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb > +++ b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb > @@ -4,9 +4,9 @@ HOMEPAGE = "https://github.com/any1/neatvnc" > LICENSE = "ISC" > LIC_FILES_CHKSUM = > "file://COPYING;md5=94fc374e7174f41e3afe0f027ee59ff7" > > -SRC_URI = > "git://github.com/any1/neatvnc;branch=master;protocol=https" > +SRC_URI = "git://github.com/any1/neatvnc;branch=v0.8;protocol=https" > > -SRCREV = "46432ce8cade0b54a38d4bb42eb07f96c8ff49fd" > +SRCREV = "07081567ab21a2b099ceb41ae8cab872a31cbb9a" > > S = "${WORKDIR}/git" > > @@ -36,3 +36,5 @@ do_install:append () { > } > > BBCLASSEXTEND = "native" > + > +CVE_STATUS[CVE-2024-42458] = "fixed-version: No action required. The > current version (0.8.1) is not affected by the CVE." Why is this required? The data shows versions till 0.8.1 (excluding) to be vulnerable so this shouldn't be required? Am I misinterpreting something? > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#120692): > https://lists.openembedded.org/g/openembedded-devel/message/120692 > Mute This Topic: https://lists.openembedded.org/mt/115766813/3616702 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: > https://lists.openembedded.org/g/openembedded-devel/unsub [ > anuj.mittal@intel.com] > -=-=-=-=-=-=-=-=-=-=-=-
On Thu, Oct 30, 2025 at 7:30 PM Anuj Mittal via lists.openembedded.org <anuj.mittal=intel.com@lists.openembedded.org> wrote: > > On Wed, 2025-10-15 at 19:35 +1300, Ankur Tyagi via > lists.openembedded.org wrote: > > This release fixes CVE-2024-42458 > > https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1 > > > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > > --- > > .../neatvnc/{neatvnc_0.8.0.bb => neatvnc_0.8.1.bb} | 6 > > ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > rename meta-oe/recipes-graphics/neatvnc/{neatvnc_0.8.0.bb => > > neatvnc_0.8.1.bb} (81%) > > > > diff --git a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb > > b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb > > similarity index 81% > > rename from meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb > > rename to meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb > > index c9c4a6c27a..572134b47c 100644 > > --- a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb > > +++ b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb > > @@ -4,9 +4,9 @@ HOMEPAGE = "https://github.com/any1/neatvnc" > > LICENSE = "ISC" > > LIC_FILES_CHKSUM = > > "file://COPYING;md5=94fc374e7174f41e3afe0f027ee59ff7" > > > > -SRC_URI = > > "git://github.com/any1/neatvnc;branch=master;protocol=https" > > +SRC_URI = "git://github.com/any1/neatvnc;branch=v0.8;protocol=https" > > > > -SRCREV = "46432ce8cade0b54a38d4bb42eb07f96c8ff49fd" > > +SRCREV = "07081567ab21a2b099ceb41ae8cab872a31cbb9a" > > > > S = "${WORKDIR}/git" > > > > @@ -36,3 +36,5 @@ do_install:append () { > > } > > > > BBCLASSEXTEND = "native" > > + > > +CVE_STATUS[CVE-2024-42458] = "fixed-version: No action required. The > > current version (0.8.1) is not affected by the CVE." > > Why is this required? The data shows versions till 0.8.1 (excluding) to > be vulnerable so this shouldn't be required? Am I misinterpreting > something? No, you are not. Please drop this patch and I'll re-send it separately > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#121194): https://lists.openembedded.org/g/openembedded-devel/message/121194 > Mute This Topic: https://lists.openembedded.org/mt/115766813/3619737 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb similarity index 81% rename from meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb rename to meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb index c9c4a6c27a..572134b47c 100644 --- a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb +++ b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb @@ -4,9 +4,9 @@ HOMEPAGE = "https://github.com/any1/neatvnc" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=94fc374e7174f41e3afe0f027ee59ff7" -SRC_URI = "git://github.com/any1/neatvnc;branch=master;protocol=https" +SRC_URI = "git://github.com/any1/neatvnc;branch=v0.8;protocol=https" -SRCREV = "46432ce8cade0b54a38d4bb42eb07f96c8ff49fd" +SRCREV = "07081567ab21a2b099ceb41ae8cab872a31cbb9a" S = "${WORKDIR}/git" @@ -36,3 +36,5 @@ do_install:append () { } BBCLASSEXTEND = "native" + +CVE_STATUS[CVE-2024-42458] = "fixed-version: No action required. The current version (0.8.1) is not affected by the CVE."
This release fixes CVE-2024-42458 https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> --- .../neatvnc/{neatvnc_0.8.0.bb => neatvnc_0.8.1.bb} | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) rename meta-oe/recipes-graphics/neatvnc/{neatvnc_0.8.0.bb => neatvnc_0.8.1.bb} (81%)