diff mbox series

[v2] mpg123: set status for CVE-2006-3355

Message ID 20260414143254.3416-1-peter.marko@siemens.com
State New
Headers show
Series [v2] mpg123: set status for CVE-2006-3355 | expand

Commit Message

Peter Marko April 14, 2026, 2:32 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

This CVE has only cpe version which is considered invalid:
* cpe:2.3:a:mpg123:mpg123:pre0.59s_r11:*:*:*:*:*:*:*

This means that the fixed version is unknown and thus all versions are
considered to be vulnerable.
Since the vulnerability was fixed in old version 0.59s_r11, mark it as
fixed.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
v2: commit message updated with description why sbom-cve-check fails

 meta/recipes-multimedia/mpg123/mpg123_1.33.4.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-multimedia/mpg123/mpg123_1.33.4.bb b/meta/recipes-multimedia/mpg123/mpg123_1.33.4.bb
index 648eb21500..dd5f8a53f5 100644
--- a/meta/recipes-multimedia/mpg123/mpg123_1.33.4.bb
+++ b/meta/recipes-multimedia/mpg123/mpg123_1.33.4.bb
@@ -53,3 +53,5 @@  EXTRA_OECONF = " \
 #| make[3]: *** [equalizer.lo] Error 1
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"
+
+CVE_STATUS[CVE-2006-3355] = "fixed-version: fixed since pre0.59s_r11"