diff mbox series

[5/6] ovmf: set status for CVE-2024-1298

Message ID 20260413211447.564257-5-peter.marko@siemens.com
State New
Headers show
Series [1/6] xdg-utils: set status for CVE-2025-52968 | expand

Commit Message

Marko, Peter April 13, 2026, 9:14 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

cvelistV5 uses full tag name (edk2-stable202405) while NVD uses only
version (202405).
Since NVD CPE is not yet available, cvelistV5 marks it at not patched
yet because the string sorts after the version.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-core/ovmf/ovmf_git.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index ec6c3b516c..150e2d47e0 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -45,6 +45,7 @@  CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't
 CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2024-1298] = "fixed-version: fixed since edk2-stable202405"
 
 inherit deploy