diff mbox series

[meta-oe,2/7] botan: mark CVE-2026-32877 and CVE-2026-32883 patched

Message ID 20260406120314.3514982-2-skandigraun@gmail.com
State Under Review
Headers show
Series [meta-oe,1/7] botan: upgrade 3.11.0 -> 3.11.1 | expand

Commit Message

Gyorgy Sarvari April 6, 2026, 12:03 p.m. UTC 
Both CVEs were fixed in version 3.11.0, however NVD tracks them
without version/CPE info.

Relevant commits:
CVE-2026-32877: https://github.com/randombit/botan/commit/798a332e11949afa8b004564bb9031e66c1a4d13
CVE-2026-32883: https://github.com/randombit/botan/commit/6ecc62a4e36937d036df8c8eda6a85708abb8c37

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-crypto/botan/botan_3.11.1.bb | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-crypto/botan/botan_3.11.1.bb b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
index d3d0498ec6..2d6b64ad64 100644
--- a/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
+++ b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
@@ -65,3 +65,6 @@  FILES:${PN}-test = "${bindir}/botan-test  ${datadir}/${PN}/tests/data"
 COMPATIBLE_HOST:riscv32 = "null"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2026-32877] = "fixed-version: fixed since 3.11.0"
+CVE_STATUS[CVE-2026-32883] = "fixed-version: fixed since 3.11.0"