| Message ID | 20260515055334.466550-1-hongxu.jia@windriver.com |
|---|---|
| State | Under Review |
| Series | [meta-oe,v2] 7zip: update CVE_STATUS for fixed-version |
Hello, what is the purpose of this patch? All these CVEs are already marked as fixed in sbom cve reports. Peter > -----Original Message----- > From: openembedded-devel@lists.openembedded.org <openembedded- > devel@lists.openembedded.org> On Behalf Of hongxu via lists.openembedded.org > Sent: Friday, May 15, 2026 7:54 AM > To: openembedded-devel@lists.openembedded.org > Subject: [oe] [meta-oe][PATCH v2] 7zip: update CVE_STATUS for fixed-version > > These CVEs was fixed in current 7zip version > > Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> > --- > meta-oe/recipes-extended/7zip/7zip_26.01.bb | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/meta-oe/recipes-extended/7zip/7zip_26.01.bb b/meta-oe/recipes- > extended/7zip/7zip_26.01.bb > index 61be89c7ba..6da5b08347 100644 > --- a/meta-oe/recipes-extended/7zip/7zip_26.01.bb > +++ b/meta-oe/recipes-extended/7zip/7zip_26.01.bb 
> @@ -68,3 +68,15 @@ RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so" > RPROVIDES:${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" > > BBCLASSEXTEND = "native nativesdk" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-47111 > +CVE_STATUS[CVE-2022-47111] = "fixed-version: The issue was found in 7-Zip > 22.01. Some later versions are unaffected." > +# https://nvd.nist.gov/vuln/detail/CVE-2022-47112 > +CVE_STATUS[CVE-2022-47112] = "fixed-version: The issue was found in 7-Zip > 22.01. Some later versions are unaffected." > +# https://sourceforge.net/p/sevenzip/patches/417/ > +# https://www.appsecure.security/vulnerability-database/cve-2023-40481 > +CVE_STATUS[CVE-2023-40481] = "fixed-version: That bug was fixed in v23.00." > +# https://www.appsecure.security/vulnerability-database/CVE-2023-52168 > +CVE_STATUS[CVE-2023-52168] = "fixed-version: A high-severity vulnerability > identified in the NtfsHandler.cpp NTFS handler of 7-Zip prior to version 24.01." > +# https://www.appsecure.security/vulnerability-database/CVE-2023-52169 > +CVE_STATUS[CVE-2023-52169] = "fixed-version: Relates to the NtfsHandler.cpp > NTFS handler in 7-Zip, affecting versions prior to 24.01." > -- > 2.34.1
diff --git a/meta-oe/recipes-extended/7zip/7zip_26.01.bb b/meta-oe/recipes-extended/7zip/7zip_26.01.bb index 61be89c7ba..6da5b08347 100644 --- a/meta-oe/recipes-extended/7zip/7zip_26.01.bb +++ b/meta-oe/recipes-extended/7zip/7zip_26.01.bb @@ -68,3 +68,15 @@ RPROVIDES:${PN} += "lib7z.so()(64bit) 7z lib7z.so" RPROVIDES:${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" BBCLASSEXTEND = "native nativesdk" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-47111 +CVE_STATUS[CVE-2022-47111] = "fixed-version: The issue was found in 7-Zip 22.01. Some later versions are unaffected." +# https://nvd.nist.gov/vuln/detail/CVE-2022-47112 +CVE_STATUS[CVE-2022-47112] = "fixed-version: The issue was found in 7-Zip 22.01. Some later versions are unaffected." +# https://sourceforge.net/p/sevenzip/patches/417/ +# https://www.appsecure.security/vulnerability-database/cve-2023-40481 +CVE_STATUS[CVE-2023-40481] = "fixed-version: That bug was fixed in v23.00." +# https://www.appsecure.security/vulnerability-database/CVE-2023-52168 +CVE_STATUS[CVE-2023-52168] = "fixed-version: A high-severity vulnerability identified in the NtfsHandler.cpp NTFS handler of 7-Zip prior to version 24.01." +# https://www.appsecure.security/vulnerability-database/CVE-2023-52169 +CVE_STATUS[CVE-2023-52169] = "fixed-version: Relates to the NtfsHandler.cpp NTFS handler in 7-Zip, affecting versions prior to 24.01."
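Review bot: The reason text for CVE-2022-47111 and CVE-2022-47112 ("Some later versions are unaffected.") names no fixed release, so the entry does not show that 7zip 26.01 is among the unaffected versions; state the first fixed version the way the CVE-2023-40481 entry does ("That bug was fixed in v23.00."). The CVE-2023-52168 and CVE-2023-52169 reasons read as descriptions of the flaw ("A high-severity vulnerability identified in ...") rather than a statement of where it was fixed, and their only references are a third-party database; wording such as "fixed in 24.01" with an NVD or upstream link, as the first three entries have, would be easier to audit. The commit message should also say what the CVE check reported for these IDs before the change, since that is the question raised in the reply.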
These CVEs were fixed in current 7zip version

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
meta-oe/recipes-extended/7zip/7zip_26.01.bb | 12 ++++++++++++
1 file changed, 12 insertions(+)