diff mbox series

[scarthgap] curl: update CVE_STATUS for CVE-2025-5025

Message ID 20250828091806.43939-1-vdabhi@cisco.com
State New
Headers show
Series [scarthgap] curl: update CVE_STATUS for CVE-2025-5025 | expand

Commit Message

Vrushti Dabhi -X (vdabhi - E INFOCHIPS PRIVATE LIMITED at Cisco) Aug. 28, 2025, 9:18 a.m. UTC 
From: Vrushti Dabhi <vdabhi@cisco.com>

This CVE applies only when curl is built with wolfSSL support.
Revised CVE_STATUS description to align with CVE details.

Reference: https://github.com/openembedded/openembedded-core/commit/93ae0758ef35

Signed-off-by: Vrushti Dabhi <vdabhi@cisco.com>
---
 meta/recipes-support/curl/curl_8.7.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index a21a086f40..6845a43cd2 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -37,7 +37,7 @@  CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
 CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
 
 CVE_STATUS[CVE-2025-0725] = "not-applicable-config: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older"
-CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: build with openssl','unpatched',d)}"
+CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl','unpatched',d)}"
 
 
 inherit autotools pkgconfig binconfig multilib_header ptest