[kirkstone] libpcre2: ignore CVE-2022-1586

Message ID	20250212180019.12297-1-peter.marko@siemens.com
State	Under Review
Delegated to:	Steve Sakoman
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.65.226, mailfrom: fm-256628-20250212180105f890ceddd4208b011a-sp0rkv@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][kirkstone][PATCH] libpcre2: ignore CVE-2022-1586 Date: Wed, 12 Feb 2025 19:00:19 +0100 Message-Id: <20250212180019.12297-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[kirkstone] libpcre2: ignore CVE-2022-1586 \| expand [kirkstone] libpcre2: ignore CVE-2022-1586

Message ID

20250212180019.12297-1-peter.marko@siemens.com

State

Under Review

Delegated to:

Steve Sakoman

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][kirkstone][PATCH] libpcre2: ignore CVE-2022-1586
Date: Wed, 12 Feb 2025 19:00:19 +0100
Message-Id: <20250212180019.12297-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[kirkstone] libpcre2: ignore CVE-2022-1586 | expand

Commit Message

Peter Marko Feb. 12, 2025, 6 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE is fixed in 10.40
NVD wrongly changed <10.40 to =10.40 when adding debian_linux=10.0

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586#VulnChangeHistorySection

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/libpcre/libpcre2_10.40.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-support/libpcre/libpcre2_10.40.bb b/meta/recipes-support/libpcre/libpcre2_10.40.bb
index 74c12ecec2..ba5f8cff32 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.40.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.40.bb
@@ -19,6 +19,10 @@  SRC_URI[sha256sum] = "14e4b83c4783933dc17e964318e6324f7cae1bc75d8f3c79bc6969f00c
 
 CVE_PRODUCT = "pcre2"
 
+# This CVE is fixed in 10.40
+# NVD wrongly changed <10.40 to =10.40 when adding debian_linux=10.0
+CVE_CHECK_IGNORE += "CVE-2022-1586"
+
 S = "${WORKDIR}/pcre2-${PV}"
 
 PROVIDES += "pcre2"

[kirkstone] libpcre2: ignore CVE-2022-1586

Commit Message

Patch