diff mbox series

[meta-oe,whinlatter,1/3] fex: ignore unrelated CVEs

Message ID 20251222194959.1725672-1-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,whinlatter,1/3] fex: ignore unrelated CVEs | expand

Commit Message

Gyorgy Sarvari Dec. 22, 2025, 7:49 p.m. UTC 
These CVEs were filed for "Fram's Fast File Exchange" application, which
has the same abbreviated name as fex. Currently this recipe has no historical
CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore
these irrelevant CVEs explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b990486203b8eca688cfb6fc9bebf8b138e0b334)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-devtools/fex/fex_2511.bb | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/fex/fex_2511.bb b/meta-oe/recipes-devtools/fex/fex_2511.bb
index 9c0748ac63..88dd48f953 100644
--- a/meta-oe/recipes-devtools/fex/fex_2511.bb
+++ b/meta-oe/recipes-devtools/fex/fex_2511.bb
@@ -54,3 +54,9 @@  LDFLAGS += "-fuse-ld=lld"
 
 FILES:${PN} += "${datadir} ${libdir}/binfmt.d ${libdir}/libFEXCore.so"
 FILES:${PN}-dev = "${includedir}"
+
+# At the time of writing this, this recipe has no historical CVEs associated, and couldn't
+# find a CPE to set. So ignore these unrelated vulnerabilities.
+CVE_STATUS_GROUPS = "CVE_STATUS_WRONG_CPE"
+CVE_STATUS_WRONG_CPE[status] = "cpe-incorrect: These vulnerabilities are for unrelated Fram's Fast File-EXchange application"
+CVE_STATUS_WRONG_CPE = "CVE-2012-0869 CVE-2012-1293 CVE-2014-3875 CVE-2014-3876 CVE-2014-3877"