[scarthgap,02/10] openssh: Mark CVE-2023-51767 as wont-fix

Message ID	9376c14f367477a8d02df1331908e3df3bd009b6.1728266000.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.41, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/10] openssh: Mark CVE-2023-51767 as wont-fix Date: Sun, 6 Oct 2024 18:54:55 -0700 Message-Id: <9376c14f367477a8d02df1331908e3df3bd009b6.1728266000.git.steve@sakoman.com> In-Reply-To: <cover.1728266000.git.steve@sakoman.com> References: <cover.1728266000.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/10] gnupg: Document CVE-2022-3219 and mark wontfix \| expand [scarthgap,01/10] gnupg: Document CVE-2022-3219 and mark wontfix [scarthgap,02/10] openssh: Mark CVE-2023-51767 as wont-fix [scarthgap,03/10] wpa-supplicant: Ignore CVE-2024-5290 [scarthgap,04/10] wpa-supplicant: Patch CVE-2024-3596 [scarthgap,05/10] wpa-supplicant: Patch security advisory 2024-2 [scarthgap,06/10] glibc: stable 2.39 branch updates. [scarthgap,07/10] webkitgtk: upgrade 2.44.1 -> 2.44.3 [scarthgap,08/10] cryptodev: upgrade 1.13 -> 1.14 [scarthgap,09/10] populate_sdk_base: inherit nopackages [scarthgap,10/10] meta-world-pkgdata: Inherit nopackages

Message ID

9376c14f367477a8d02df1331908e3df3bd009b6.1728266000.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/10] openssh: Mark CVE-2023-51767 as wont-fix
Date: Sun,  6 Oct 2024 18:54:55 -0700
Message-Id: 
 <9376c14f367477a8d02df1331908e3df3bd009b6.1728266000.git.steve@sakoman.com>
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/10] gnupg: Document CVE-2022-3219 and mark wontfix | expand

Commit Message

Steve Sakoman Oct. 7, 2024, 1:54 a.m. UTC

From: Khem Raj <raj.khem@gmail.com>

(From OE-Core rev: 1b4bada6c003ef743df09283e45953e6d9ea4c5a)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index 3c507cf911..a8ba67e360 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -40,6 +40,7 @@  CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to Op
 Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
 
 CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
+CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."
 
 PAM_SRC_URI = "file://sshd"

[scarthgap,02/10] openssh: Mark CVE-2023-51767 as wont-fix

Commit Message

Patch