| Message ID | 20251115182312.1262645-1-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,scarthgap,1/3] linuxptp: ignore CVE-2024-42861 | expand |
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb index 9a5c9b5204..d7d90bba25 100644 --- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb +++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb @@ -60,3 +60,5 @@ SYSTEMD_AUTO_ENABLE:${PN} = "disable" PACKAGES =+ "${PN}-configs" FILES:${PN}-configs += "${docdir}" + +CVE_STATUS[2024-42861] = "disputed: Considered to be bogus by upstream and major distros"
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-42861 The vulnerability report is considered to be bogus and a non-issue (or at least not a security issue) by upstream[1] and by major Linux distros[2][3][4]. [1]: https://lists.nwtime.org/sympa/arc/linuxptp-devel/2024-09/msg00080.html [2]: Ubuntu: https://ubuntu.com/security/CVE-2024-42861 [3]: Debian: https://security-tracker.debian.org/tracker/CVE-2024-42861 [4]: Suse: https://bugzilla.suse.com/show_bug.cgi?id=1230935 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb | 2 ++ 1 file changed, 2 insertions(+)