Message ID | 20241124191126.24876-1-peter.marko@siemens.com |
---|---|
State | New |
Series | libssh2: mark CVE-2023-48795 as fixed |
On 24 Nov 2024, at 19:11, Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote:
> NVD DB has typo in version (1.11.10 instead of 1.11.1)
> Version 1.11.1 is currently the latest one, there is no .10
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
> If someone wants, correction can be requested from NVD instead of this patch.
> But in current NVD CVE enrichment situation that may be problematic.

For simple fixes like this they’ve been quite proactive. I’ve just sent a CPE update, I suggest merging this now and reverting when the database is fixed.

Thanks,
Ross

diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb index 6d2580072b..c7013142c0 100644 --- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb +++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb @@ -50,3 +50,6 @@ do_install_ptest() { mkdir -p ${D}${PTEST_PATH}/docs cp -r ${S}/docs/* ${D}${PTEST_PATH}/docs/ } + +# should be removed when upgrading to 1.11.10 or higher +CVE_STATUS[CVE-2023-48795] = "fixed-version: fixed since version 1.11.1"
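
Review bot: The comment above the added CVE_STATUS line gives only a removal condition ("should be removed when upgrading to 1.11.10 or higher") and does not say why the override exists. The commit message explains that the NVD entry lists 1.11.10 where 1.11.1 is meant; putting that reason in the comment, and noting that the line can also be dropped once the NVD record is corrected, would let whoever next upgrades the recipe decide whether the override is still needed without digging through the list archive. As written, the only version named in the file is one the commit message says does not exist.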