[kirkstone,02/12] libpcre2: ignore CVE-2022-1586

Message ID	063be7f1f3d9abe61a1eb2d71eeb548b4eb760e6.1739912869.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.44, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/12] libpcre2: ignore CVE-2022-1586 Date: Tue, 18 Feb 2025 13:09:55 -0800 Message-ID: <063be7f1f3d9abe61a1eb2d71eeb548b4eb760e6.1739912869.git.steve@sakoman.com> In-Reply-To: <cover.1739912869.git.steve@sakoman.com> References: <cover.1739912869.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/12] subversion: ignore CVE-2024-45720 \| expand [kirkstone,01/12] subversion: ignore CVE-2024-45720 [kirkstone,02/12] libpcre2: ignore CVE-2022-1586 [kirkstone,03/12] libxml2: Fix for CVE-2022-49043 [kirkstone,04/12] ruby: fix CVE-2024-41946 [kirkstone,05/12] gnutls: fix CVE-2024-12243 [kirkstone,06/12] ffmpeg: CVE-2025-0518 [kirkstone,07/12] ffmpeg: fix CVE-2024-36613 [kirkstone,08/12] ffmpeg: fix CVE-2024-36616 [kirkstone,09/12] ffmpeg: fix CVE-2024-36617 [kirkstone,10/12] scripts/install-buildtools: Update to 4.0.24 [kirkstone,11/12] scritps/runqemu: Ensure we only have two serial ports [kirkstone,12/12] procps: replaced one use of fputs(3) with a write(2) call

Message ID

063be7f1f3d9abe61a1eb2d71eeb548b4eb760e6.1739912869.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/12] libpcre2: ignore CVE-2022-1586
Date: Tue, 18 Feb 2025 13:09:55 -0800
Message-ID: 
 <063be7f1f3d9abe61a1eb2d71eeb548b4eb760e6.1739912869.git.steve@sakoman.com>
In-Reply-To: <cover.1739912869.git.steve@sakoman.com>
References: <cover.1739912869.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/12] subversion: ignore CVE-2024-45720 | expand

Commit Message

Steve Sakoman Feb. 18, 2025, 9:09 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE is fixed in 10.40
NVD wrongly changed <10.40 to =10.40 when adding debian_linux=10.0

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586#VulnChangeHistorySection

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/libpcre/libpcre2_10.40.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-support/libpcre/libpcre2_10.40.bb b/meta/recipes-support/libpcre/libpcre2_10.40.bb
index 74c12ecec2..ba5f8cff32 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.40.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.40.bb
@@ -19,6 +19,10 @@  SRC_URI[sha256sum] = "14e4b83c4783933dc17e964318e6324f7cae1bc75d8f3c79bc6969f00c
 
 CVE_PRODUCT = "pcre2"
 
+# This CVE is fixed in 10.40
+# NVD wrongly changed <10.40 to =10.40 when adding debian_linux=10.0
+CVE_CHECK_IGNORE += "CVE-2022-1586"
+
 S = "${WORKDIR}/pcre2-${PV}"
 
 PROVIDES += "pcre2"

[kirkstone,02/12] libpcre2: ignore CVE-2022-1586

Commit Message

Patch