| Message ID | 20260319155120.426126-1-youenn.lejeune@savoirfairelinux.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-networking,scarthgap] spice: backported ignores for CVE-2016-0749 and CVE-2016-2150 | expand |
diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb index 419316a26e..7900a7dea5 100644 --- a/meta-networking/recipes-support/spice/spice_git.bb +++ b/meta-networking/recipes-support/spice/spice_git.bb @@ -21,6 +21,8 @@ SRC_URI = "gitsm://gitlab.freedesktop.org/spice/spice;branch=master;protocol=htt S = "${WORKDIR}/git" +CVE_STATUS[CVE-2016-0749] = "fixed-version: patched since 0.13.2" +CVE_STATUS[CVE-2016-2150] = "fixed-version: patched since 0.13.2" CVE_STATUS[CVE-2018-10893] = "fixed-version: patched already, caused by inaccurate CPE in the NVD database." inherit meson gettext python3native python3-dir pkgconfig
NVD tracks those CVEs as version-less. The CVE_STATUS have already been added in master with commits [1, 2] [1] https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/spice/spice_git.bb?id=e44f3251b552773fe9346fdf7aab244377cf6007 [2] https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/spice/spice_git.bb?id=073e8452748132a93103e5db32dc9980c84d201c Signed-off-by: Youenn Le Jeune <youenn.lejeune@savoirfairelinux.com> --- meta-networking/recipes-support/spice/spice_git.bb | 2 ++ 1 file changed, 2 insertions(+)