| Message ID | 20260317172346.2862459-3-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-oe,1/7] libsodium: mark CVE-2025-69277 patched | expand |
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb index df0e72f5d6..9369daa805 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb @@ -36,3 +36,5 @@ do_install_ptest(){ install -d ${D}${PTEST_PATH}/src install ${S}/src/canonmn_int.cpp ${D}${PTEST_PATH}/src } + +CVE_STATUS[CVE-2026-27631] = "fixed-version: fixed in 0.28.8"
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631 Though NVD indicates that 0.28.8 is still vulnerable, that does not seem to be the case: the fix that is referenced by the advisory has been backported[1] to this verison. Due to this, mark this CVE as patched. [1]: https://github.com/Exiv2/exiv2/commit/21d129c842212c198dd887dbaafc5ce734e9dfad Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb | 2 ++ 1 file changed, 2 insertions(+)