[wrynose,17/52] ovmf: set status for 7 CVEs

Message ID	620bfc832a46bc4525e194e989ef4177460757ea.1778198557.git.yoann.congal@smile.fr
State	New
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.221.45, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 17/52] ovmf: set status for 7 CVEs Date: Fri, 8 May 2026 09:11:10 +0200 Message-ID: <620bfc832a46bc4525e194e989ef4177460757ea.1778198557.git.yoann.congal@smile.fr> In-Reply-To: <cover.1778198557.git.yoann.congal@smile.fr> References: <cover.1778198557.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[wrynose,01/52] shadow: set CVE_PRODUCT \| expand [wrynose,01/52] shadow: set CVE_PRODUCT [wrynose,02/52] ruby: set status for CVE-2025-0306 [wrynose,03/52] python3-setuptools: set status for CVE-2024-6345 [wrynose,04/52] p11-kit: set status for CVE-2026-2100 [wrynose,05/52] libva: set status for CVE-2023-39929 [wrynose,06/52] harfbuzz: set status for CVE-2024-56732 [wrynose,07/52] gnutls: set status for CVE-2026-1584 [wrynose,08/52] cve-extra-exclusions: ignore CVE-2019-2708 [wrynose,09/52] bind: set status for CVE-2017-3139 [wrynose,10/52] base-files: set status for CVE-2018-6557 [wrynose,11/52] rsync: set status for CVE-2024-12084 [wrynose,12/52] python3-requests: set status for CVE-2024-35195 [wrynose,13/52] python3-requests: set status for CVE-2024-47081 [wrynose,14/52] git: set status of 5 CVEs [wrynose,15/52] cargo: set status of CVE-2023-40030 [wrynose,16/52] cargo: set CVE_PRODUCT [wrynose,17/52] ovmf: set status for 7 CVEs [wrynose,18/52] sed: upgrade 4.9 -> 4.10 [wrynose,19/52] classes/base: add explicit bzip2-native dependency for unpacking .bz2 [wrynose,20/52] ccache: upgrade 4.13.2 -> 4.13.3 [wrynose,21/52] dhcpcd: upgrade 10.3.0 -> 10.3.1 [wrynose,22/52] groff: upgrade 1.24.0 -> 1.24.1 [wrynose,23/52] gsettings-desktop-schemas: upgrade 50.0 -> 50.1 [wrynose,24/52] gtk+3: upgrade 3.24.51 -> 3.24.52 [wrynose,25/52] gtk4: upgrade 4.22.1 -> 4.22.2 [wrynose,26/52] hwdata: upgrade 0.405 -> 0.406 [wrynose,27/52] avahi: Fix CVE-2026-34933 [wrynose,28/52] rust: fix codegen test failure on big-endian targets [wrynose,29/52] bluez5: add patches to fix 8.56 cli issues [wrynose,30/52] python3-urllib3: enable setuptools-scm 10.x [wrynose,31/52] perf: add PACKAGECONFIG for llvm [wrynose,32/52] scripts/cve-json-to-text.py: simplify getopt argument parsing [wrynose,33/52] package.py: fix kernel module file pre-filter and document strip asymmetry [wrynose,34/52] ffmpeg: set status for 4 CVEs [wrynose,35/52] pseudo: Update 1.9.5 -> 1.9.6 [wrynose,36/52] mirrors: remove inactive sources.openembedded.org URLs [wrynose,37/52] wpa-supplicant: remove obsolete explicit debug packaging [wrynose,38/52] python3-cryptography: remove obsolete explicit debug packaging [wrynose,39/52] gobject-introspection: remove obsolete explicit debug packaging [wrynose,40/52] kernel-devsrc: remove obsolete explicit debug packaging [wrynose,41/52] coreutils: set CVE_PRODUCT [wrynose,42/52] libsoup: set status for CVE-2026-2436 [wrynose,43/52] libsoup: patch CVE-2026-5119 [wrynose,44/52] dhcpcd: remove obsolete explicit debug packaging [wrynose,45/52] sudo: set CVE_PRODUCT [wrynose,46/52] apr: Add CVE_PRODUCT to support product name [wrynose,47/52] apr-util: Add CVE_PRODUCT to support product name [wrynose,48/52] libarchive: set status for CVE-2026-4426 [wrynose,49/52] sudo: patch CVE-2026-35535 [wrynose,50/52] inetutils: patch CVE-2026-32772 [wrynose,51/52] devtool: Disable gpg signing when setting up source tree repos [wrynose,52/52] glibc: Fix recipe bug that disabled stack protector

Message ID

620bfc832a46bc4525e194e989ef4177460757ea.1778198557.git.yoann.congal@smile.fr

State

New

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][wrynose 17/52] ovmf: set status for 7 CVEs
Date: Fri,  8 May 2026 09:11:10 +0200
Message-ID: 
 <620bfc832a46bc4525e194e989ef4177460757ea.1778198557.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1778198557.git.yoann.congal@smile.fr>
References: <cover.1778198557.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[wrynose,01/52] shadow: set CVE_PRODUCT | expand

Commit Message

Yoann Congal May 8, 2026, 7:11 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

These reappeared after last update of sbom-cve-check tooling.
"fixed-in" release was determined by following links in Debian CVE
reports except CVE-2025-2295 which was taken from Yocto master CVE
patch.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8cdfceff6606e00230551f6817289d751a414f0b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-core/ovmf/ovmf_git.bb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index d731bca7f25..19bcc4a96fa 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -48,6 +48,13 @@  CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't
 CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 CVE_STATUS[CVE-2024-1298] = "fixed-version: fixed since edk2-stable202405"
+CVE_STATUS[CVE-2024-38796] = "fixed-version: fixed since edk2-stable202411"
+CVE_STATUS[CVE-2024-38797] = "fixed-version: fixed since edk2-stable202502"
+CVE_STATUS[CVE-2024-38798] = "fixed-version: fixed since edk2-stable202511"
+CVE_STATUS[CVE-2024-38805] = "fixed-version: fixed since edk2-stabe202508"
+CVE_STATUS[CVE-2025-2295] = "fixed-version: fixed since edk2-stable202505"
+CVE_STATUS[CVE-2025-2296] = "fixed-version: fixed since edk2-stable202505"
+CVE_STATUS[CVE-2025-3770] = "fixed-version: fixed since edk2-stable202508"
 
 inherit deploy

[wrynose,17/52] ovmf: set status for 7 CVEs

Commit Message

Patch