diff mbox series

[6/8] rsync: set status for CVE-2024-12084

Message ID 20260426120253.825060-6-peter.marko@siemens.com
State Under Review
Headers show
Series [1/8] harfbuzz: set status for CVE-2024-56732 | expand

Commit Message

Peter Marko April 26, 2026, 12:02 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Debian security tracker [1] says it's fixed in v3.4.0.
NVD [2] does not say that our version is vulnerable.

The CVE is reported probably because cvelistV5 has many CPE groups and
some of them are unparseable (so assumes vulnerable).

[1] https://security-tracker.debian.org/tracker/CVE-2024-12084
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-12084

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/rsync/rsync_3.4.1.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/rsync/rsync_3.4.1.bb b/meta/recipes-devtools/rsync/rsync_3.4.1.bb
index 697cdee829..509be486b8 100644
--- a/meta/recipes-devtools/rsync/rsync_3.4.1.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.4.1.bb
@@ -64,3 +64,5 @@  do_install:append() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2024-12084] = "fixed-version: fixed since v3.4.0"