diff mbox series

[1/5] bluez5: mark two CVEs as being in the wrong product

Message ID 20260420190749.1280090-1-ross.burton@arm.com
State Accepted, archived
Commit 6cbf55abe401ddec81630e85bb0151f1f693c78b
Headers show
Series [1/5] bluez5: mark two CVEs as being in the wrong product | expand

Commit Message

Ross Burton April 20, 2026, 7:07 p.m. UTC 
CVE-2020-12351 and CVE-2020-12352 ("BleedingTooth") are actually issues
in the Linux kernel, not BlueZ as reported in the CVE.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-connectivity/bluez5/bluez5_5.86.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.86.bb b/meta/recipes-connectivity/bluez5/bluez5_5.86.bb
index 2d56fc642de..8974a2c69c9 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.86.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.86.bb
@@ -5,6 +5,8 @@  LDFLAGS += " ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', '-Wl,-z,nostar
 SRC_URI[sha256sum] = "99f144540c6070591e4c53bcb977eb42664c62b7b36cb35a29cf72ded339621d"
 
 CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2020-12351] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
+CVE_STATUS[CVE-2020-12352] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support