diff mbox series

dpkg: set status for CVE-2025-6297

Message ID 20250815170517.12674-1-peter.marko@siemens.com
State New
Headers show
Series dpkg: set status for CVE-2025-6297 | expand

Commit Message

Peter Marko Aug. 15, 2025, 5:05 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

NVD tracks this CVE as "Up to (excluding) 2025-06-30"
(which is fix commit date, not dpkg version)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/dpkg/dpkg_1.22.21.bb | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
index d793c26d57..69b3c3d880 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
@@ -19,3 +19,6 @@  SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=1.22.
 SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch"
 
 SRCREV = "d72b038fd2113cb62972e4071db03dd1388394d8"
+
+# NVD tracks this CVE as "Up to (excluding) 2025-06-30" (which is fix commit date, not dpkg version)
+CVE_STATUS[CVE-2025-6297] = "cpe-incorrect: this is fixed in 1.22.21"