diff mbox series

[wrynose,14/52] git: set status of 5 CVEs

Message ID 2b29078c8794250118b5b30576baa74f69ec77ad.1778198557.git.yoann.congal@smile.fr
State New
Headers show
Series [wrynose,01/52] shadow: set CVE_PRODUCT | expand

Commit Message

Yoann Congal May 8, 2026, 7:11 a.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

It is unclear why entries in cvelistV5 cause these CVEs to appear in CVE
reports.
There is one which should also not be shown per listed CPEs, however it
does not have a patch, so it's not added to the list - CVE-2024-52005.
The others are set to fixed with version based on which .0 release
included patch mentioned in Debian security tracker for respective CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 139e4e6f17da181eee029c81ea17b847e9cc559e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-devtools/git/git_2.53.0.bb | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/git/git_2.53.0.bb b/meta/recipes-devtools/git/git_2.53.0.bb
index 5fe1767e285..8d71905f419 100644
--- a/meta/recipes-devtools/git/git_2.53.0.bb
+++ b/meta/recipes-devtools/git/git_2.53.0.bb
@@ -171,3 +171,9 @@  EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
 EXTRA_OEMAKE += "NO_GETTEXT=1"
 
 SRC_URI[tarball.sha256sum] = "429dc0f5fe5f14109930cdbbb588c5d6ef5b8528910f0d738040744bebdc6275"
+
+CVE_STATUS[CVE-2024-32002] = "fixed-version: fixed since v2.46.0"
+CVE_STATUS[CVE-2024-50349] = "fixed-version: fixed since v2.49.0"
+CVE_STATUS[CVE-2024-52006] = "fixed-version: fixed since v2.49.0"
+CVE_STATUS[CVE-2025-48385] = "fixed-version: fixed since v2.51.0"
+CVE_STATUS[CVE-2025-48386] = "fixed-version: fixed since v2.51.0"