diff mbox series

[1/1] apache2:apache2-native: CVE status update

Message ID 20240626150612.29837-2-ninette@thehoodiefirm.com
State Accepted
Headers show
Series apache2:apache2-native: CVE status update | expand

Commit Message

Ninette Adhikari June 26, 2024, 3:06 p.m. UTC 
Update status for:
CVE-2007-6421, CVE-2007-6422, CVE-2007-6423, CVE-2008-2168

CPE is incorrect, the current version (2.4.59) is not affected.

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
---
 meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 5 +++++
 1 file changed, 5 insertions(+)

--
2.44.0
diff mbox series

Patch

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
index 1632c6ccb..6dfecef8d 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb
@@ -37,6 +37,11 @@  DEPENDS = "openssl expat pcre apr apr-util apache2-native "

 CVE_PRODUCT = "apache:http_server"

+CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
+CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)"
+CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
+CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
+
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"

 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"