[kirkstone,01/12] subversion: ignore CVE-2024-45720

Message ID	3a3488c8c4c0e19e32504e03e6bb73777ac7c72e.1739912869.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.52, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/12] subversion: ignore CVE-2024-45720 Date: Tue, 18 Feb 2025 13:09:54 -0800 Message-ID: <3a3488c8c4c0e19e32504e03e6bb73777ac7c72e.1739912869.git.steve@sakoman.com> In-Reply-To: <cover.1739912869.git.steve@sakoman.com> References: <cover.1739912869.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/12] subversion: ignore CVE-2024-45720 \| expand [kirkstone,01/12] subversion: ignore CVE-2024-45720 [kirkstone,02/12] libpcre2: ignore CVE-2022-1586 [kirkstone,03/12] libxml2: Fix for CVE-2022-49043 [kirkstone,04/12] ruby: fix CVE-2024-41946 [kirkstone,05/12] gnutls: fix CVE-2024-12243 [kirkstone,06/12] ffmpeg: CVE-2025-0518 [kirkstone,07/12] ffmpeg: fix CVE-2024-36613 [kirkstone,08/12] ffmpeg: fix CVE-2024-36616 [kirkstone,09/12] ffmpeg: fix CVE-2024-36617 [kirkstone,10/12] scripts/install-buildtools: Update to 4.0.24 [kirkstone,11/12] scritps/runqemu: Ensure we only have two serial ports [kirkstone,12/12] procps: replaced one use of fputs(3) with a write(2) call

Message ID

3a3488c8c4c0e19e32504e03e6bb73777ac7c72e.1739912869.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/12] subversion: ignore CVE-2024-45720
Date: Tue, 18 Feb 2025 13:09:54 -0800
Message-ID: 
 <3a3488c8c4c0e19e32504e03e6bb73777ac7c72e.1739912869.git.steve@sakoman.com>
In-Reply-To: <cover.1739912869.git.steve@sakoman.com>
References: <cover.1739912869.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/12] subversion: ignore CVE-2024-45720 | expand

Commit Message

Steve Sakoman Feb. 18, 2025, 9:09 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720

This CVE is relevant only for subversion running on Windows.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/subversion/subversion_1.14.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/subversion/subversion_1.14.2.bb b/meta/recipes-devtools/subversion/subversion_1.14.2.bb
index 35da95f39d..a979e63c60 100644
--- a/meta/recipes-devtools/subversion/subversion_1.14.2.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.14.2.bb
@@ -19,6 +19,9 @@  inherit autotools pkgconfig gettext python3native
 
 CVE_PRODUCT = "apache:subversion"
 
+# not-applicable-platform: Issue only applies on Windows
+CVE_CHECK_IGNORE += "CVE-2024-45720"
+
 PACKAGECONFIG ?= ""
 
 PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"

[kirkstone,01/12] subversion: ignore CVE-2024-45720

Commit Message

Patch