| Message ID | 20250325071248.882336-1-madmarri@cisco.com |
|---|---|
| State | Under Review |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [scarthgap] qemu 8.2.7: ignore CVE-2023-1386 | expand |
On 3/25/25 08:12, Madhu Marri via lists.openembedded.org wrote:
> - According to redhat[1] this CVE has closed as not a bug.
FWIW upstream qemu isn't rejecting it (though they are also not too
worried about it): https://gitlab.com/qemu-project/qemu/-/issues/2579
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 4dc6c104c7..25e57b9006 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -81,6 +81,8 @@ CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 a # NVD DB has this CVE as version-less (with "-") CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0" +CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null"
Upstream Repository: https://gitlab.com/qemu-project/qemu.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386 Type: Security Advisory CVE: CVE-2023-1386 Score: 3.3 Analysis: - According to redhat[1] this CVE has closed as not a bug. Reference: [1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985 Signed-off-by: Madhu Marri <madmarri@cisco.com> --- meta/recipes-devtools/qemu/qemu.inc | 2 ++ 1 file changed, 2 insertions(+)