[meta-networking] dovecot: ignore CVE-2016-4983 (again)

Message ID	20251013184740.481753-1-skandigraun@gmail.com
State	Under Review
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][PATCH] dovecot: ignore CVE-2016-4983 (again) Date: Mon, 13 Oct 2025 20:47:40 +0200 Message-ID: <20251013184740.481753-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-networking] dovecot: ignore CVE-2016-4983 (again) \| expand [meta-networking] dovecot: ignore CVE-2016-4983 (again)

Message ID

20251013184740.481753-1-skandigraun@gmail.com

State

Under Review

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][PATCH] dovecot: ignore CVE-2016-4983 (again)
Date: Mon, 13 Oct 2025 20:47:40 +0200
Message-ID: <20251013184740.481753-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-networking] dovecot: ignore CVE-2016-4983 (again) | expand

Commit Message

Gyorgy Sarvari Oct. 13, 2025, 6:47 p.m. UTC

I removed the CVE_STATUS setting for CVE-2016-4983 when this recipe was
updated to 2.4.1-4 - but that was a mistake, the CVE database considers
(incorrectly) even the latest version as vulnerable.

Revert that mistake by adding back the correct CVE_STATUS to the recipe.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
index a06fd45199..5894c76bac 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.4.1-4.bb
@@ -75,3 +75,5 @@  FILES:${PN} += "${libdir}/dovecot/*plugin.so \
 FILES:${PN}-staticdev += "${libdir}/dovecot/*/*.a"
 FILES:${PN}-dev += "${libdir}/dovecot/libdovecot*.so"
 FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug"
+
+CVE_STATUS[CVE-2016-4983] = "not-applicable-platform: Affects only postinstall script on specific distribution."

[meta-networking] dovecot: ignore CVE-2016-4983 (again)

Commit Message

Patch