diff mbox series

[meta-oe,1/2] libwebsockets: set status for CVE-2025-1866

Message ID 20260716170232.818077-1-peter.marko@siemens.com
State New
Headers show
Series [meta-oe,1/2] libwebsockets: set status for CVE-2025-1866 | expand

Commit Message

Peter Marko July 16, 2026, 5:02 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

Current cve-check code does not correctly decode the entry [1]:

"versions": [
    {
        "changes": [
            {
                "at": "patch 4.3.4",
                "status": "unaffected"
            }
        ],
        "lessThan": "<4.3.4",
        "status": "affected",
        "version": "0",
        "versionType": "git"
    }
]

[1] https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/1xxx/CVE-2025-1866.json

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../recipes-connectivity/libwebsockets/libwebsockets_4.5.8.bb   | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.8.bb b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.8.bb
index fc65890d8d..f6d20c1d95 100644
--- a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.8.bb
+++ b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.8.bb
@@ -73,3 +73,5 @@  RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-s
 SSTATE_SCAN_FILES += "*.cmake"
 
 BBCLASSEXTEND = "native"
+
+CVE_STATUS[CVE-2025-1866] = "fixed-version: fixed since 4.3.4"