diff mbox series

[2/5] vim: ignore CVE-2025-66476

Message ID 20260206104322.2604271-2-ankur.tyagi85@gmail.com
State New
Headers show
Series [1/5] avahi: patch CVE-2026-24401 | expand

Commit Message

Ankur Tyagi Feb. 6, 2026, 10:43 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2025-66476

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta/recipes-support/vim/vim_9.1.bb | 2 ++
 1 file changed, 2 insertions(+)

Comments

Marko, Peter Feb. 6, 2026, 10:49 a.m. UTC | #1 
This patch is not needed because vim was upgraded on master.
https://git.openembedded.org/openembedded-core/commit/?id=cf63518d20c3c4a61b0e726edf1df2201e88e8ab

Peter

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Ankur Tyagi via
> lists.openembedded.org
> Sent: Friday, February 6, 2026 11:43
> To: openembedded-core@lists.openembedded.org
> Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
> Subject: [OE-core][PATCH 2/5] vim: ignore CVE-2025-66476
> 
> From: Ankur Tyagi <ankur.tyagi85@gmail.com>
> 
> Details https://nvd.nist.gov/vuln/detail/CVE-2025-66476
> 
> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ---
>  meta/recipes-support/vim/vim_9.1.bb | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/meta/recipes-support/vim/vim_9.1.bb b/meta/recipes-
> support/vim/vim_9.1.bb
> index fee9f055e9..c492342ffb 100644
> --- a/meta/recipes-support/vim/vim_9.1.bb
> +++ b/meta/recipes-support/vim/vim_9.1.bb
> @@ -21,3 +21,5 @@ ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
>  # in many places for _FORTIFY_SOURCE=2.  Security flags become part of CC.
>  #
>  lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-
> D_FORTIFY_SOURCE=1',d)}"
> +
> +CVE_STATUS[CVE-2025-66476] = "not-applicable-platform: Issue only applies on
> Windows"
Ankur Tyagi Feb. 6, 2026, 10:55 a.m. UTC | #2 
On Fri, Feb 6, 2026 at 11:49 PM Marko, Peter <Peter.Marko@siemens.com> wrote:
>
> This patch is not needed because vim was upgraded on master.
> https://git.openembedded.org/openembedded-core/commit/?id=cf63518d20c3c4a61b0e726edf1df2201e88e8ab
>

Got it, thanks Peter.

> Peter
>
> > -----Original Message-----
> > From: openembedded-core@lists.openembedded.org <openembedded-
> > core@lists.openembedded.org> On Behalf Of Ankur Tyagi via
> > lists.openembedded.org
> > Sent: Friday, February 6, 2026 11:43
> > To: openembedded-core@lists.openembedded.org
> > Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
> > Subject: [OE-core][PATCH 2/5] vim: ignore CVE-2025-66476
> >
> > From: Ankur Tyagi <ankur.tyagi85@gmail.com>
> >
> > Details https://nvd.nist.gov/vuln/detail/CVE-2025-66476
> >
> > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> > ---
> >  meta/recipes-support/vim/vim_9.1.bb | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/meta/recipes-support/vim/vim_9.1.bb b/meta/recipes-
> > support/vim/vim_9.1.bb
> > index fee9f055e9..c492342ffb 100644
> > --- a/meta/recipes-support/vim/vim_9.1.bb
> > +++ b/meta/recipes-support/vim/vim_9.1.bb
> > @@ -21,3 +21,5 @@ ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
> >  # in many places for _FORTIFY_SOURCE=2.  Security flags become part of CC.
> >  #
> >  lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-
> > D_FORTIFY_SOURCE=1',d)}"
> > +
> > +CVE_STATUS[CVE-2025-66476] = "not-applicable-platform: Issue only applies on
> > Windows"
diff mbox series

Patch

diff --git a/meta/recipes-support/vim/vim_9.1.bb b/meta/recipes-support/vim/vim_9.1.bb
index fee9f055e9..c492342ffb 100644
--- a/meta/recipes-support/vim/vim_9.1.bb
+++ b/meta/recipes-support/vim/vim_9.1.bb
@@ -21,3 +21,5 @@  ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
 # in many places for _FORTIFY_SOURCE=2.  Security flags become part of CC.
 #
 lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}"
+
+CVE_STATUS[CVE-2025-66476] = "not-applicable-platform: Issue only applies on Windows"