| Message ID | 20260420190749.1280090-2-ross.burton@arm.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [1/5] bluez5: mark two CVEs as being in the wrong product | expand |
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index b636d6e8b4f..f107c4c5da5 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc @@ -20,3 +20,9 @@ SRCBRANCH = "v259-stable" SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV}" CVE_PRODUCT = "systemd" + +CVE_STATUS[CVE-2019-3815] = "not-applicable-platform: only applied to RHEL" +CVE_STATUS[CVE-2026-40223] = "fixed-version: fixed in 259.2" +CVE_STATUS[CVE-2026-40224] = "fixed-version: fixed in 259.3" +CVE_STATUS[CVE-2026-40225] = "fixed-version: fixed in 259.5" +CVE_STATUS[CVE-2026-40226] = "fixed-version: fixed in 259.4"
CVE-2019-3815 is specific to RHEL, and CVE-2026-40223 to -40226 have all been fixed in the stable branch. Signed-off-by: Ross Burton <ross.burton@arm.com> --- meta/recipes-core/systemd/systemd.inc | 6 ++++++ 1 file changed, 6 insertions(+)