diff mbox series

[1/8] harfbuzz: set status for CVE-2024-56732

Message ID 20260426120253.825060-1-peter.marko@siemens.com
State Under Review
Headers show
Series [1/8] harfbuzz: set status for CVE-2024-56732 | expand

Commit Message

Peter Marko April 26, 2026, 12:02 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

This CVE does not have cpe in NVD DB.
In cvelistV5 it shows "version": ">= 8.5.0, <= 10.0.1" which is not
parseable with our tooling.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-graphics/harfbuzz/harfbuzz_12.3.2.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_12.3.2.bb b/meta/recipes-graphics/harfbuzz/harfbuzz_12.3.2.bb
index 12bebc4bee..6ce275acb5 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz_12.3.2.bb
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz_12.3.2.bb
@@ -50,3 +50,5 @@  FILES:${PN}-icu-dev = "${libdir}/libharfbuzz-icu.so \
 FILES:${PN}-subset = "${libdir}/libharfbuzz-subset.so.*"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2024-56732] = "fixed-version: affected versions are >= 8.5.0, <= 10.0.1"