[scarthgap,03/10] qemu: set cve status for CVE-2023-6683

Message ID	422fc84ddbe46580dc6d647eff62c4dbc8551e63.1723083840.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.52, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/10] qemu: set cve status for CVE-2023-6683 Date: Wed, 7 Aug 2024 19:28:39 -0700 Message-Id: <422fc84ddbe46580dc6d647eff62c4dbc8551e63.1723083840.git.steve@sakoman.com> In-Reply-To: <cover.1723083840.git.steve@sakoman.com> References: <cover.1723083840.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/10] curl: Patch CVE-2024-6197 \| expand [scarthgap,01/10] curl: Patch CVE-2024-6197 [scarthgap,02/10] glibc: cleanup old cve status [scarthgap,03/10] qemu: set cve status for CVE-2023-6683 [scarthgap,04/10] ffmpeg: fix CVE-2024-31582 [scarthgap,05/10] nasm: Upgrade 2.16.01 -> 2.16.03 [scarthgap,06/10] orc: upgrade 0.4.38 -> 0.4.39 [scarthgap,07/10] bind: Upgrade 9.18.25 -> 9.18.28 [scarthgap,08/10] curl: correct the PACKAGECONFIG for native/nativesdk [scarthgap,09/10] libmnl: explicitly disable doxygen [scarthgap,10/10] libpng: update SRC_URI

Message ID

422fc84ddbe46580dc6d647eff62c4dbc8551e63.1723083840.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/10] qemu: set cve status for CVE-2023-6683
Date: Wed,  7 Aug 2024 19:28:39 -0700
Message-Id: 
 <422fc84ddbe46580dc6d647eff62c4dbc8551e63.1723083840.git.steve@sakoman.com>
In-Reply-To: <cover.1723083840.git.steve@sakoman.com>
References: <cover.1723083840.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/10] curl: Patch CVE-2024-6197 | expand

Commit Message

Steve Sakoman Aug. 8, 2024, 2:28 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE is fixed in v8.2.2 with v8.2.1-55-g480a6adc83

https://github.com/qemu/qemu/commit/480a6adc83a7bbc84bfe67229e084603dc061824

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 41af9ca045..3643b9a544 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -74,6 +74,8 @@  CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies only against versions before
 
 CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
 
+CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 and earlier"
+
 CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
 
 COMPATIBLE_HOST:mipsarchn32 = "null"