| Message ID | 20260420190749.1280090-3-ross.burton@arm.com |
|---|---|
| State | Accepted, archived |
| Commit | cb3cfe2fa632eb81c09ca91d5d2e8c2bc218c19c |
| Headers | show |
| Series | [1/5] bluez5: mark two CVEs as being in the wrong product | expand |
diff --git a/meta/recipes-extended/xz/xz_5.8.2.bb b/meta/recipes-extended/xz/xz_5.8.2.bb index 982f5054c3a..7ada44d9f58 100644 --- a/meta/recipes-extended/xz/xz_5.8.2.bb +++ b/meta/recipes-extended/xz/xz_5.8.2.bb @@ -72,3 +72,7 @@ do_install_ptest () { ln -s ${bindir}/xzdiff ${D}${PTEST_PATH}/src/scripts/xzdiff ln -s ${bindir}/xzgrep ${D}${PTEST_PATH}/src/scripts/xzgrep } + +CVE_STATUS[CVE-2024-47611] = "fixed-version: fixed in 5.6.3 and Windows-specific" +CVE_STATUS[CVE-2025-31115] = "fixed-version: fixed in 5.8.1" +CVE_STATUS[CVE-2025-58058] = "cpe-incorrect: this is specific to the Go xz module"
- CVE-2024-47611 was fixed in 5.6.3 and is Windows-specific. - CVE-2025-31115 was fixed in 5.8.1. - CVE-2025-58058 is specific to the Go xz module, not this recipe. Signed-off-by: Ross Burton <ross.burton@arm.com> --- meta/recipes-extended/xz/xz_5.8.2.bb | 4 ++++ 1 file changed, 4 insertions(+)