[scarthgap] xz: ignore CVE-2024-47611

Message ID	20250818140102.1660577-1-daniel.turull@ericsson.com
State	Under Review
Delegated to:	Steve Sakoman
Headers	show Return-Path: <daniel.turull@ericsson.com> ip: 52.101.69.2, mailfrom: edaturu@ericsson.com) Received-SPF: Pass (protection.outlook.com: domain of ericsson.com designates 192.176.1.74 as permitted sender) receiver=protection.outlook.com; client-ip=192.176.1.74; helo=oa.msg.ericsson.com; pr=C From: <daniel.turull@ericsson.com> To: <openembedded-core@lists.openembedded.org> CC: Daniel Turull <daniel.turull@ericsson.com> Subject: [scarthgap][PATCH] xz: ignore CVE-2024-47611 Date: Mon, 18 Aug 2025 16:01:02 +0200 Message-ID: <20250818140102.1660577-1-daniel.turull@ericsson.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain
Series	[scarthgap] xz: ignore CVE-2024-47611 \| expand [scarthgap] xz: ignore CVE-2024-47611

Message ID

20250818140102.1660577-1-daniel.turull@ericsson.com

State

Under Review

Delegated to:

Steve Sakoman

Headers

Received-SPF: Pass (protection.outlook.com: domain of ericsson.com designates
 192.176.1.74 as permitted sender) receiver=protection.outlook.com;
 client-ip=192.176.1.74; helo=oa.msg.ericsson.com; pr=C
From: <daniel.turull@ericsson.com>
To: <openembedded-core@lists.openembedded.org>
CC: Daniel Turull <daniel.turull@ericsson.com>
Subject: [scarthgap][PATCH] xz: ignore CVE-2024-47611
Date: Mon, 18 Aug 2025 16:01:02 +0200
Message-ID: <20250818140102.1660577-1-daniel.turull@ericsson.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Aug 2025 14:01:18.1253
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 ef3a6464-3c85-42fa-c6e7-08ddde5fb420
X-MS-Exchange-CrossTenant-Id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=92e84ceb-fbfd-47ab-be52-080c6b87953f;Ip=[192.176.1.74];Helo=[oa.msg.ericsson.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	AM4PEPF00027A61.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6468
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 18 Aug 2025 14:01:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/222037

Series

[scarthgap] xz: ignore CVE-2024-47611 | expand

Commit Message

Daniel Turull Aug. 18, 2025, 2:01 p.m. UTC

From: Daniel Turull <daniel.turull@ericsson.com>

According to the NVD entry, it is only applicable when built
for native Windows (MinGW-w64 or MSVC).

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
---
 meta/recipes-extended/xz/xz_5.4.7.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/xz/xz_5.4.7.bb b/meta/recipes-extended/xz/xz_5.4.7.bb
index 563643d4d9..30a4c8e88c 100644
--- a/meta/recipes-extended/xz/xz_5.4.7.bb
+++ b/meta/recipes-extended/xz/xz_5.4.7.bb
@@ -35,6 +35,8 @@  SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723
 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
 UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/"
 
+CVE_STATUS[CVE-2024-47611] = "not-applicable-platform: Issue only applies on Windows"
+
 CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh"
 
 inherit autotools gettext ptest

[scarthgap] xz: ignore CVE-2024-47611

Commit Message

Patch