[meta-security] tpm2-tss: correct CVE product

Message ID	20230322071804.30917-1-andrej.valek@siemens.com
State	New
Headers	show Return-Path: <andrej.valek@siemens.com> ip: 40.107.104.76, mailfrom: andrej.valek@siemens.com) Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.76 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C From: Andrej Valek <andrej.valek@siemens.com> To: <yocto@lists.yoctoproject.org> CC: Peter Marko <peter.marko@siemens.com> Subject: [meta-security][PATCH] tpm2-tss: correct CVE product Date: Wed, 22 Mar 2023 08:18:04 +0100 Message-ID: <20230322071804.30917-1-andrej.valek@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain
Series	[meta-security] tpm2-tss: correct CVE product \| expand [meta-security] tpm2-tss: correct CVE product

Message ID

20230322071804.30917-1-andrej.valek@siemens.com

State

New

Headers

Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates
 194.138.21.76 as permitted sender) receiver=protection.outlook.com;
 client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C
From: Andrej Valek <andrej.valek@siemens.com>
To: <yocto@lists.yoctoproject.org>
CC: Peter Marko <peter.marko@siemens.com>
Subject: [meta-security][PATCH] tpm2-tss: correct CVE product
Date: Wed, 22 Mar 2023 08:18:04 +0100
Message-ID: <20230322071804.30917-1-andrej.valek@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Mar 2023 07:18:33.4999
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 2841fb6e-b7be-4477-c20e-08db2aa5a565
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.76];Helo=[hybrid.siemens.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	HE1EUR01FT033.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR10MB5601
List-Id: <yocto.lists.yoctoproject.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <yocto@lists.yoctoproject.org>; Wed, 22 Mar 2023 07:18:42 -0000
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/59488

Series

[meta-security] tpm2-tss: correct CVE product | expand

Commit Message

Andrej Valek March 22, 2023, 7:18 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Currently CVE-2023-22745 does not show up in kirkstone CVE report.
This fixes that.

Products from yocto's CVE check NVD database:
sqlite> select * from products where product like "tpm2%";
CVE-2017-7524|tpm2-tools_project|tpm2.0-tools|||1.1.0|<=
CVE-2020-24455|tpm2_software_stack_project|tpm2_software_stack|||2.4.3|<
CVE-2020-24455|tpm2_software_stack_project|tpm2_software_stack|3.0.0|>=|3.0.1|<
CVE-2021-3565|tpm2-tools_project|tpm2-tools|5.1|>=|5.1.1|<
CVE-2021-3565|tpm2-tools_project|tpm2-tools|||4.3.2|<
CVE-2023-22745|tpm2_software_stack_project|tpm2_software_stack|||4.0.0|<=

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
index 657a2cd..cc7e6ae 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -14,6 +14,8 @@  SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a740
 
 UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
 
+CVE_PRODUCT = "tpm2_software_stack"
+
 inherit autotools pkgconfig systemd useradd
 
 PACKAGECONFIG ??= "vendor"

[meta-security] tpm2-tss: correct CVE product

Commit Message

Patch