diff mbox series

[meta-oe,scarthgap,1/4] mercurial: Update CVE status for CVE-2022-43410

Message ID 20251015063531.1573191-1-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-oe,scarthgap,1/4] mercurial: Update CVE status for CVE-2022-43410 | expand

Commit Message

Ankur Tyagi Oct. 15, 2025, 6:35 a.m. UTC 
From: Ninette Adhikari <ninette@thehoodiefirm.com>

The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue.
Package used in `meta-embedded`: https://www.mercurial-scm.org/
Package with CVE issue is a Jenkins plugin: https://plugins.jenkins.io/mercurial/
(This is reflected in the CPE)

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bf84ac1c4c1a00c2aa92a09fbdfae128d055fe05)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb b/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb
index 2451a36be2..53fe0a28ae 100644
--- a/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb
+++ b/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb
@@ -34,3 +34,4 @@  PACKAGES =+ "${PN}-python"
 FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}"
 FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}"
 
+CVE_STATUS[CVE-2022-43410] = "cpe-incorrect: The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue."