[scarthgap,06/12] qemu: set CVE-2024-6505 to fixed

Message ID	33050bf82add43409675122a8f29acbcda4e8439.1733863624.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.172, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/12] qemu: set CVE-2024-6505 to fixed Date: Tue, 10 Dec 2024 12:56:22 -0800 Message-Id: <33050bf82add43409675122a8f29acbcda4e8439.1733863624.git.steve@sakoman.com> In-Reply-To: <cover.1733863624.git.steve@sakoman.com> References: <cover.1733863624.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/12] ffmpeg: fix CVE-2023-49501 \| expand [scarthgap,01/12] ffmpeg: fix CVE-2023-49501 [scarthgap,02/12] ffmpeg: fix CVE-2024-28661 [scarthgap,03/12] ffmpeg: fix CVE-2023-50007 [scarthgap,04/12] ffmpeg: fix CVE-2023-49528 [scarthgap,05/12] ffmpeg: fix CVE-2024-7055 [scarthgap,06/12] qemu: set CVE-2024-6505 to fixed [scarthgap,07/12] libpam: fix CVE-2024-10041 [scarthgap,08/12] systemd: drop intltool-native from DEPENDS [scarthgap,09/12] systemd-boot: drop intltool-native from DEPENDS [scarthgap,10/12] python3-poetry-core: drop python3-six from RDEPENDS [scarthgap,11/12] dnf: drop python3-iniparse from DEPENDS and RDEPENDS [scarthgap,12/12] sanity: check for working user namespaces

Message ID

33050bf82add43409675122a8f29acbcda4e8439.1733863624.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/12] qemu: set CVE-2024-6505 to fixed
Date: Tue, 10 Dec 2024 12:56:22 -0800
Message-Id: 
 <33050bf82add43409675122a8f29acbcda4e8439.1733863624.git.steve@sakoman.com>
In-Reply-To: <cover.1733863624.git.steve@sakoman.com>
References: <cover.1733863624.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/12] ffmpeg: fix CVE-2023-49501 | expand

Commit Message

Steve Sakoman Dec. 10, 2024, 8:56 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

CVE patch was removed on last upgrade as fixing commit was backported to
stable 8.2.x branch.

NVD DB has this CVE as version-less (with "-").
So explicit status set is needed to mark it as fixed.

(From OE-Core rev: 64359ec3b60ae68d39c2e6444f903fd20e397cff)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 40ee267a42..4dc6c104c7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -78,6 +78,9 @@  CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 a
 
 CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
 
+# NVD DB has this CVE as version-less (with "-")
+CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"

[scarthgap,06/12] qemu: set CVE-2024-6505 to fixed

Commit Message

Patch