* [PATCH 0/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200
@ 2024-04-29 11:09 Ninette Adhikari
2024-04-29 11:09 ` [PATCH 1/1] " Ninette Adhikari
0 siblings, 1 reply; 4+ messages in thread
From: Ninette Adhikari @ 2024-04-29 11:09 UTC (permalink / raw
To: openembedded-devel; +Cc: engineering, Ninette Adhikari
Current version 12.3.5 is not affected by the issue.
Affected versions: Up to (incl) 10.0.3
Ninette Adhikari (1):
m2: update cve status
.../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb | 2 ++
1 file changed, 2 insertions(+)
--
2.44.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200
2024-04-29 11:09 [PATCH 0/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200 Ninette Adhikari
@ 2024-04-29 11:09 ` Ninette Adhikari
2024-04-29 11:58 ` [oe] " Marko, Peter
0 siblings, 1 reply; 4+ messages in thread
From: Ninette Adhikari @ 2024-04-29 11:09 UTC (permalink / raw
To: openembedded-devel; +Cc: engineering, Ninette Adhikari
Current version 12.3.5 is not affected by the issue.
Affected versions: Up to (incl) 10.0.3
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
---
.../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
index 6696e552c..90d97cf7a 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
@@ -120,3 +120,5 @@ python() {
}
CVE_PRODUCT = "open-vm-tools vmware:tools"
+CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
+CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
--
2.44.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* RE: [oe] [PATCH 1/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200
2024-04-29 11:09 ` [PATCH 1/1] " Ninette Adhikari
@ 2024-04-29 11:58 ` Marko, Peter
2024-04-29 15:26 ` [PATCH v2] " Ninette Adhikari
0 siblings, 1 reply; 4+ messages in thread
From: Marko, Peter @ 2024-04-29 11:58 UTC (permalink / raw
To: ninette@thehoodiefirm.com,
openembedded-devel@lists.openembedded.org
Cc: engineering@neighbourhood.ie
"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17
When CPE matches wrong version, then use "fixed-version:".
Peter
-----Original Message-----
From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org
Sent: Monday, April 29, 2024 13:10
To: openembedded-devel@lists.openembedded.org
Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com>
Subject: [oe] [PATCH 1/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200
> Current version 12.3.5 is not affected by the issue.
> Affected versions: Up to (incl) 10.0.3
>
> Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
> ---
> .../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> index 6696e552c..90d97cf7a 100644
> --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
> @@ -120,3 +120,5 @@ python() {
> }
>
> CVE_PRODUCT = "open-vm-tools vmware:tools"
> +CVE_STATUS[CVE-2014-4199] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
> +CVE_STATUS[CVE-2014-4200] = "ignored: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3."
> --
> 2.44.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200
2024-04-29 11:58 ` [oe] " Marko, Peter
@ 2024-04-29 15:26 ` Ninette Adhikari
0 siblings, 0 replies; 4+ messages in thread
From: Ninette Adhikari @ 2024-04-29 15:26 UTC (permalink / raw
To: openembedded-devel; +Cc: engineering, Peter.Marko, Ninette Adhikari
Current version 12.3.5 is not affected by the issue.
Affected versions: Up to (incl) 10.0.3
---
.../recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
index 6696e552c..82aab051f 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb
@@ -120,3 +120,5 @@ python() {
}
CVE_PRODUCT = "open-vm-tools vmware:tools"
+CVE_STATUS[CVE-2014-4199] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3"
+CVE_STATUS[CVE-2014-4200] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3"
--
2.44.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-04-29 15:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-29 11:09 [PATCH 0/1] open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200 Ninette Adhikari
2024-04-29 11:09 ` [PATCH 1/1] " Ninette Adhikari
2024-04-29 11:58 ` [oe] " Marko, Peter
2024-04-29 15:26 ` [PATCH v2] " Ninette Adhikari
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.