| Message ID | 20260415121752.793537-2-ross.burton@arm.com |
|---|---|
| State | Accepted, archived |
| Commit | d9b69d0a2d69e003b9432e1473830a89ff5a06c4 |
| Headers | show |
| Series | [1/2] libsoup: actually apply patches for CVE-2025-32049 and CVE-2026-1539 | expand |
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.6.bb b/meta/recipes-support/libsoup/libsoup_3.6.6.bb index b51368adb64..9bc3f2f86fb 100644 --- a/meta/recipes-support/libsoup/libsoup_3.6.6.bb +++ b/meta/recipes-support/libsoup/libsoup_3.6.6.bb @@ -58,3 +58,8 @@ DEBIAN_NOAUTONAME:${PN} = "1" RRECOMMENDS:${PN} = "glib-networking" BBCLASSEXTEND = "native nativesdk" + +CVE_STATUS[CVE-2026-1467] = "fixed-version: fixed in 3.6.6" +CVE_STATUS[CVE-2026-1536] = "fixed-version: fixed in 3.6.6" +CVE_STATUS[CVE-2026-1801] = "fixed-version: fixed in 3.6.6" +CVE_STATUS[CVE-2026-2443] = "fixed-version: fixed in 3.6.6"
These issues have all been fixed in the 3.6.6 release that we have, but the CPEs are unversioned. I've contacted NIST to update the database but until that happens we can mark them as fixed. Signed-off-by: Ross Burton <ross.burton@arm.com> --- meta/recipes-support/libsoup/libsoup_3.6.6.bb | 5 +++++ 1 file changed, 5 insertions(+)