| Message ID | 20240429110735.54205-2-ninette@thehoodiefirm.com |
|---|---|
| State | New |
| Headers | show |
| Series | mpd: Update status for CVE-2020-7465 and CVE-2020-7466 | expand |
"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong component, then use "cpe-incorrect:". Also add newline at end of file, please... Peter -----Original Message----- From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:08 To: openembedded-devel@lists.openembedded.org Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com> Subject: [oe] [PATCH 1/1] mpd: Update status for CVE-2020-7465 and CVE-2020-7466 > The recipe used in the `meta-openembedded` is a different mpd package compared to the one which has the CVE issue. > Package used in `meta-embedded`: http://www.musicpd.org Package with CVE issue: https://sourceforge.net/projects/mpd/ > No action required. > > Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> > --- > meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > index a762fc832..90211bd29 100644 > --- a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > +++ b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb > @@ -100,3 +100,6 @@ USERADD_PARAM:${PN} = " \ > --home ${localstatedir}/lib/mpd \ > --groups audio \ > --user-group mpd" > + > +CVE_STATUS[CVE-2020-7465] = "ignored: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue." > +CVE_STATUS[CVE-2020-7466] = "ignored: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue." > \ No newline at end of file > -- > 2.44.0
diff --git a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb index a762fc832..90211bd29 100644 --- a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb +++ b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb @@ -100,3 +100,6 @@ USERADD_PARAM:${PN} = " \ --home ${localstatedir}/lib/mpd \ --groups audio \ --user-group mpd" + +CVE_STATUS[CVE-2020-7465] = "ignored: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue." +CVE_STATUS[CVE-2020-7466] = "ignored: The recipe used in the meta-openembedded is a different mpd package compared to the one which has the CVE issue." \ No newline at end of file
The recipe used in the `meta-openembedded` is a different mpd package compared to the one which has the CVE issue. Package used in `meta-embedded`: http://www.musicpd.org Package with CVE issue: https://sourceforge.net/projects/mpd/ No action required. Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> --- meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.14.bb | 3 +++ 1 file changed, 3 insertions(+)