diff mbox series

[scarthgap] qemu: ignore CVE-2025-54566 and CVE-2025-54567

Message ID 20251231215843.487608-1-peter.marko@siemens.com
State New
Headers show
Series [scarthgap] qemu: ignore CVE-2025-54566 and CVE-2025-54567 | expand

Commit Message

Peter Marko Dec. 31, 2025, 9:58 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

These CVEs are not applicable to version 8.2.x as the vulnerable code
was introduced inly in 10.0.0.

Debian made the analysis, reuse their work.
* https://security-tracker.debian.org/tracker/CVE-2025-54566
* https://security-tracker.debian.org/tracker/CVE-2025-54567

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index dde3b0be139..748a32215e0 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -88,6 +88,9 @@  CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redh
 
 CVE_STATUS[CVE-2024-7730] = "fixed-version: this is fixed in v8.2.7"
 
+CVE_STATUS[CVE-2025-54566] = "cpe-incorrect: This issue was introduced in v10.0.0-rc0"
+CVE_STATUS[CVE-2025-54567] = "cpe-incorrect: This issue was introduced in v10.0.0-rc0"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"