diff mbox series

[2/5] systemd: mark several CVEs as fixed

Message ID 20260420190749.1280090-2-ross.burton@arm.com
State Under Review
Headers show
Series [1/5] bluez5: mark two CVEs as being in the wrong product | expand

Commit Message

Ross Burton April 20, 2026, 7:07 p.m. UTC
CVE-2019-3815 is specific to RHEL, and CVE-2026-40223 to -40226 have all
been fixed in the stable branch.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-core/systemd/systemd.inc | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index b636d6e8b4f..f107c4c5da5 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -20,3 +20,9 @@  SRCBRANCH = "v259-stable"
 SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV}"
 
 CVE_PRODUCT = "systemd"
+
+CVE_STATUS[CVE-2019-3815] = "not-applicable-platform: only applied to RHEL"
+CVE_STATUS[CVE-2026-40223] = "fixed-version: fixed in 259.2"
+CVE_STATUS[CVE-2026-40224] = "fixed-version: fixed in 259.3"
+CVE_STATUS[CVE-2026-40225] = "fixed-version: fixed in 259.5"
+CVE_STATUS[CVE-2026-40226] = "fixed-version: fixed in 259.4"