[meta-oe,kirkstone,2/4] dash: set CVE_PRODUCT

Message ID	20251021145349.33878-2-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/4] dash: set CVE_PRODUCT Date: Tue, 21 Oct 2025 16:53:46 +0200 Message-ID: <20251021145349.33878-2-skandigraun@gmail.com> In-Reply-To: <20251021145349.33878-1-skandigraun@gmail.com> References: <20251021145349.33878-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,kirkstone,1/4] wavpack: patch CVE-2016-10169 \| expand [meta-oe,kirkstone,1/4] wavpack: patch CVE-2016-10169 [meta-oe,kirkstone,2/4] dash: set CVE_PRODUCT [meta-networking,kirkstone,3/4] netkit-telnet: patch CVE-2022-39028 [meta-oe,kirkstone,4/4] renderdoc: patch CVE-2023-33863, CVE-2023-33864 and CVE-2023-33865

Message ID

20251021145349.33878-2-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 2/4] dash: set CVE_PRODUCT
Date: Tue, 21 Oct 2025 16:53:46 +0200
Message-ID: <20251021145349.33878-2-skandigraun@gmail.com>
In-Reply-To: <20251021145349.33878-1-skandigraun@gmail.com>
References: <20251021145349.33878-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,kirkstone,1/4] wavpack: patch CVE-2016-10169 | expand

Commit Message

Gyorgy Sarvari Oct. 21, 2025, 2:53 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This removes false positive CVE-2024-21485 from cve reports.

$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<

Our dash:dash did not reach major version 1 yet.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e01df44b9275908f7605e8e25fc3fd83)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-shells/dash/dash_0.5.11.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb b/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb
index 3674052311..904d8a74cc 100644
--- a/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb
+++ b/meta-oe/recipes-shells/dash/dash_0.5.11.5.bb
@@ -10,6 +10,8 @@  inherit autotools update-alternatives
 SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz"
 SRC_URI[sha256sum] = "db778110891f7937985f29bf23410fe1c5d669502760f584e54e0e7b29e123bd"
 
+CVE_PRODUCT = "dash:dash"
+
 EXTRA_OECONF += "--bindir=${base_bindir}"
 
 ALTERNATIVE:${PN} = "sh"

[meta-oe,kirkstone,2/4] dash: set CVE_PRODUCT

Commit Message

Patch