| Message ID | 20240429110207.50187-2-ninette@thehoodiefirm.com |
|---|---|
| State | New |
| Headers | show |
| Series | st: Update status for CVE-2017-16224 | expand |
"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong component, then use "cpe-incorrect:". Peter -----Original Message----- From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:02 To: openembedded-devel@lists.openembedded.org Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com> Subject: [oe] [PATCH 1/1] st: Update status for CVE-2017-16224 > The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue. > Package used in meta-embedded: https://st.suckless.org/ Package with CVE issue: https://www.npmjs.com/package/st No action required. > > Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> > --- > meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > index 5e0f2e71c..984695a31 100644 > --- a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > +++ b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb > @@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color" > ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st" > > ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color" > + > +CVE_STATUS[CVE-2017-16224] = "ignored: The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue." > -- > 2.44.0
diff --git a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb index 5e0f2e71c..984695a31 100644 --- a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb +++ b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb @@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color" ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st" ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color" + +CVE_STATUS[CVE-2017-16224] = "ignored: The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue."
The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue. Package used in meta-embedded: https://st.suckless.org/ Package with CVE issue: https://www.npmjs.com/package/st No action required. Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> --- meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++ 1 file changed, 2 insertions(+)