Message ID | 20240429110835.55086-2-ninette@thehoodiefirm.com |
---|---|
State | New |
Headers | show |
Series | sthttpd: Update status for CVE-2017-10671 | expand |
"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17 When CPE matches wrong version, then use "fixed-version:". Also add newline at end of file, please... Peter -----Original Message----- From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org Sent: Monday, April 29, 2024 13:09 To: openembedded-devel@lists.openembedded.org Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com> Subject: [oe] [PATCH 1/1] sthttpd: Update status for CVE-2017-10671 > Current version 2.27.1 is not affected by the issue. > Affected versions: Up to (excl.) 2.27.1 > > Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> > --- > meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > index b40b14851..0a618c16c 100644 > --- a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb > @@ -57,3 +57,5 @@ SYSTEMD_SERVICE:${PN} = "thttpd.service" > > FILES:${PN} += "${SRV_DIR}" > FILES:${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" > + > +CVE_STATUS[CVE-2017-10671] = "ignored: No action required. The current version (2.27.1) is not affected by the CVE." > \ No newline at end of file > -- > 2.44.0
diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb index b40b14851..0a618c16c 100644 --- a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb @@ -57,3 +57,5 @@ SYSTEMD_SERVICE:${PN} = "thttpd.service" FILES:${PN} += "${SRV_DIR}" FILES:${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" + +CVE_STATUS[CVE-2017-10671] = "ignored: No action required. The current version (2.27.1) is not affected by the CVE." \ No newline at end of file
Current version 2.27.1 is not affected by the issue. Affected versions: Up to (excl.) 2.27.1 Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> --- meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 2 ++ 1 file changed, 2 insertions(+)