diff mbox series

[4/6] git: set status of 5 CVEs

Message ID 20260426185025.13217-4-peter.marko@siemens.com
State New
Headers show
Series [1/6] sudo: set status of CVE-2025-64170 and CVE-2025-64517 | expand

Commit Message

Peter Marko April 26, 2026, 6:50 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

It is unclear why entries in cvelistV5 cause these CVEs to appear in CVE
reports.
There is one which should also not be shown per listed CPEs, however it
does not have a patch, so it's not added to the list - CVE-2024-52005.
The others are set to fixed with version based on which .0 release
included patch mentioned in Debian security tracker for respective CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/git/git_2.53.0.bb | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/git/git_2.53.0.bb b/meta/recipes-devtools/git/git_2.53.0.bb
index 5fe1767e28..5169e93931 100644
--- a/meta/recipes-devtools/git/git_2.53.0.bb
+++ b/meta/recipes-devtools/git/git_2.53.0.bb
@@ -171,3 +171,9 @@  EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
 EXTRA_OEMAKE += "NO_GETTEXT=1"
 
 SRC_URI[tarball.sha256sum] = "429dc0f5fe5f14109930cdbbb588c5d6ef5b8528910f0d738040744bebdc6275"
+
+CVE_STATUS[CVE-2024-32002] = "fixed version: fixed since v2.46.0"
+CVE_STATUS[CVE-2024-50349] = "fixed version: fixed since v2.49.0"
+CVE_STATUS[CVE-2024-52006] = "fixed version: fixed since v2.49.0"
+CVE_STATUS[CVE-2025-48385] = "fixed version: fixed since v2.51.0"
+CVE_STATUS[CVE-2025-48386] = "fixed version: fixed since v2.51.0"